# VIII. TRUTH

### 8.1 Nexus Truth Engine Purpose and Non-Oracle Rule

8.1.1 Nexus Truth Engine as a Method-Supported Confidence, Corroboration, Dispute, Evidence-Routing, and Correction System.\
8.1.1(a) GCRI Canada shall steward the Nexus Truth Engine as a method-supported confidence, corroboration, dispute, evidence-routing, and correction system within GCRI Canada’s public-benefit, non-executing, evidence-and-methods mandate.

8.1.1(b) The Nexus Truth Engine shall support the disciplined treatment of evidence by helping identify what is known, what is not known, what is probable, what is uncertain, what is disputed, what is stale, what is corrected, what is superseded, what is public-safe, what is restricted, what is source-supported, what is method-supported, what is confidence-supported, what is outside the record, and what must not be publicly overstated.

8.1.1(c) The Nexus Truth Engine may support evidence comparison, source comparison, corroboration, contradiction detection, confidence treatment, uncertainty treatment, dispute routing, stale-evidence detection, missing-evidence identification, spoof-risk flagging, source-lineage review, method-dependency review, correction triggering, supersession tracking, withdrawal routing, retraction routing, and downstream dependency review.

8.1.1(d) The Nexus Truth Engine shall operate through records, methods, registered evidence categories, controlled vocabulary, source lineage, provenance, custody, classification, confidence logic, uncertainty logic, limitation treatment, review status, public-safe status, access controls, correction paths, and dependency tracking.

8.1.1(e) The Nexus Truth Engine shall not treat volume, repetition, popularity, institutional prestige, public authority attention, sponsor support, provider prominence, media circulation, AI output, dashboard display, blockchain anchoring, proof receipt, or technical sophistication as a substitute for method-supported evidence.

8.1.1(f) The Nexus Truth Engine may identify conflicts among records, but conflict identification shall not by itself resolve institutional truth, create public meaning, assign legal responsibility, establish recognition, determine finance-readiness, create public authority effect, certify a system, rank a provider, or execute a downstream action.

8.1.1(g) The Nexus Truth Engine shall support correctionability by routing defects, disputes, stale records, overclaims, source-lineage gaps, method defects, confidence defects, uncertainty defects, public-safe classification defects, and downstream dependency concerns to the appropriate correction, review, withdrawal, retraction, supersession, or archival pathway.

8.1.1(h) The controlling rule shall be that the Nexus Truth Engine is a disciplined evidence infrastructure for better truth stewardship, not an automatic machine for producing institutional authority.

***

8.1.2 Nexus Truth Engine as Decision-Supporting, Not Decision-Making.\
8.1.2(a) The Nexus Truth Engine shall be decision-supporting and shall not be decision-making. It may assist competent actors by structuring evidence, identifying confidence, disclosing uncertainty, comparing sources, surfacing disputes, routing corrections, and clarifying limitations, but it shall not itself decide, approve, certify, recognize, procure, fund, finance, insure, underwrite, rate, warn, command, regulate, enforce, operate, deploy, or execute.

8.1.2(b) The Nexus Truth Engine may support internal GCRI Canada governance, public authority learning, GRF evidence inputs, GRA evidence inputs, Protocol Authority support, Nexus Observatory review, Nexus Risk Management review, Nexus Rails handoffs, Nexus Grid inputs, Nexus Academy materials, National Consortium evidence work, National Company interfaces, Project SPV interfaces, provider-facing evidence review, sponsor-facing boundary review, host-facing evidence review, and community-facing public-safe outputs, provided that each use remains within its recorded boundary.

8.1.2(c) Decision-supporting outputs shall include confidence notes, uncertainty notes, evidence comparison notes, source-lineage notes, dispute flags, missing-evidence flags, stale-evidence flags, correction flags, evidence-routing notes, public-safe review notes, dependency notes, and boundary notes.

8.1.2(d) No Nexus Truth Engine output shall be described as a final decision, approval, adoption, determination, authorization, certificate, rating, guarantee, public authority finding, public warning, finance-readiness determination, procurement decision, protocol entitlement, recognition record, maturity record, provider endorsement, sponsor approval, investment recommendation, or execution command.

8.1.2(e) Where a competent downstream actor relies on Nexus Truth Engine outputs, such reliance shall remain the downstream actor’s own reliance within its own lawful authority, duty, procedure, accountability, and record. GCRI Canada’s support shall not convert GCRI Canada into the downstream decision-maker.

8.1.2(f) Where a Nexus Truth Engine output is used in a Decision Pack, public authority learning material, GRF input, GRA input, Protocol Authority support, Docket record, Grid record, Rails handoff, Observatory output, public-safe publication, dashboard, map, technical baseline, or public claim, the output shall carry or be linked to sufficient source, method, status, confidence, uncertainty, limitation, permitted-use, prohibited-use, and correction information.

8.1.2(g) Where a Nexus Truth Engine output creates credible risk of being mistaken for a decision, GCRI Canada shall narrow, relabel, restrict, correct, withdraw, reissue, route to a competent actor, or add public-safe boundary language sufficient to restore the decision-supporting character of the output.

8.1.2(h) The controlling rule shall be that the Nexus Truth Engine may inform judgment but shall not replace judgment, authority, accountability, or lawful decision-making by competent actors.

***

8.1.3 Nexus Truth Engine as Evidence Infrastructure, Not Public Authority, Regulator, Certifier, Rating Agency, Financial Actor, Emergency Commander, or Public Warning System.\
8.1.3(a) The Nexus Truth Engine shall be evidence infrastructure and shall not be public authority, regulator, certifier, rating agency, financial actor, emergency commander, public warning system, procurement authority, market operator, infrastructure operator, protocol authority, professional adviser, insurer, lender, underwriter, broker, dealer, fund, public finance approver, or execution actor.

8.1.3(b) The Nexus Truth Engine shall not issue public authority decisions, regulatory approvals, enforcement positions, procurement approvals, funding approvals, public finance approvals, official guidance, emergency commands, public warnings, public health orders, evacuation instructions, permits, licenses, safe harbors, compliance determinations, or sovereign obligations.

8.1.3(c) The Nexus Truth Engine shall not issue certification, recognition, maturity records, standing, public-facing legitimacy, provider endorsement, sponsor approval, protocol entitlements, role keys, smart licenses, proof-receipt legal effect, conformance states with external force, technical performance guarantees, security approvals, or operational clearances.

8.1.3(d) The Nexus Truth Engine shall not issue investment advice, securities recommendations, brokerage outputs, placement outputs, finder outputs, capital suitability determinations, lending decisions, underwriting decisions, insurance placement decisions, ratings, guarantees, public finance approvals, capital commitments, bankability determinations, fundability determinations, or finance-readiness determinations by default.

8.1.3(e) The Nexus Truth Engine shall not become a public warning system merely because it handles risk evidence, hazard evidence, public authority evidence, emergency-management evidence, cyber evidence, health-sensitive evidence, climate evidence, disaster evidence, infrastructure evidence, dashboard outputs, maps, sensor signals, AI-RAN signals, DePIN records, digital twin outputs, or observability signals.

8.1.3(f) The Nexus Truth Engine shall not become a public authority, regulator, certifier, rating agency, financial actor, emergency commander, or public warning system by reason of public authority participation, sponsor support, provider participation, capital-reader interest, Nexus branding, dashboard visibility, media attention, public reliance, or technical sophistication.

8.1.3(g) Where Nexus Truth Engine outputs are used by GRF, GRA, Protocol Authority, public authorities, National Consortiums, National Companies, Project SPVs, providers, sponsors, hosts, universities, capital readers, or communities, GCRI Canada shall preserve role-specific boundary language and shall not allow evidence infrastructure to be misdescribed as downstream authority.

8.1.3(h) The controlling rule shall be that evidence infrastructure may support lawful authority held by others, but it shall not itself become the authority it supports.

***

8.1.4 Nexus Truth Engine as Confidence-Aware and Limitation-Aware.\
8.1.4(a) The Nexus Truth Engine shall be confidence-aware and limitation-aware. It shall preserve, generate, route, display, or reference confidence and limitation information only within recorded method, evidence, classification, and public-safe boundaries.

8.1.4(b) Confidence treatment shall address, where material, source reliability, source independence, source completeness, provenance, custody, data quality, method quality, calibration, corroboration, contradiction, reproducibility, timeliness, stale status, missing data, model dependence, AI dependence, sensor quality, spoof risk, cyber integrity, geospatial precision, benchmark conditions, public authority context, community context, protected knowledge limitations, and public-safe status.

8.1.4(c) Limitation treatment shall identify, where material, source limits, method limits, dataset limits, model limits, geographic limits, temporal limits, jurisdictional limits, public authority limits, privacy limits, cybersecurity limits, sovereign data limits, protected knowledge limits, community safeguard limits, finance-boundary limits, provider-neutrality limits, sponsor-non-control limits, and downstream-use limits.

8.1.4(d) Confidence indicators, confidence scores, certainty language, readiness-context signals, maturity-context signals, dashboard colors, map overlays, risk indicators, resilience indicators, proof receipts, benchmark results, and model outputs shall not be used in a manner that creates false precision, rating-like meaning, certification-like meaning, recognition-like meaning, finance-readiness meaning, public authority meaning, procurement meaning, provider preference, sponsor validation, public warning, or execution implication.

8.1.4(e) Where confidence is low, disputed, source-limited, method-limited, model-dependent, AI-dependent, context-limited, stale, incomplete, or unsuitable for public release, the Nexus Truth Engine shall reflect such status in records and shall not allow outputs to be communicated as stronger than the record supports.

8.1.4(f) Where limitations materially affect reliance, the Nexus Truth Engine shall support limitation disclosure in Evidence Packs, Decision Packs, public-safe outputs, dashboards, maps, Docket records, Grid records, Observatory records, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, community-facing materials, and public claims.

8.1.4(g) Where confidence or limitation treatment is corrected, downgraded, disputed, restricted, superseded, withdrawn, retracted, or reissued, the Nexus Truth Engine shall support dependency review and downstream correction.

8.1.4(h) The controlling rule shall be that confidence and limitations are not decorative notes; they are core evidence conditions without which truth claims become unsafe.

***

8.1.5 Nexus Truth Engine as Source-Lined, Contextual, Versioned, Reviewable, Challengeable, and Correctionable.\
8.1.5(a) The Nexus Truth Engine shall be source-lined, contextual, versioned, reviewable, challengeable, and correctionable.

8.1.5(b) Source-lined means that material Nexus Truth Engine inputs, outputs, comparisons, confidence assessments, dispute flags, correction triggers, routing decisions, and public-safe summaries shall be connected to source records, provenance, custody, method records, dataset records, model records, observability records, ontology records, evidence records, and dependency records where material.

8.1.5(c) Contextual means that the Nexus Truth Engine shall preserve technology domain, risk domain, jurisdictional context, public authority context, community context, Indigenous or local knowledge context, protected knowledge context, data class, evidence class, method scope, public-safe status, audience, intended use, prohibited use, and downstream boundary conditions where material.

8.1.5(d) Versioned means that material Nexus Truth Engine methods, evidence classes, confidence logic, dispute logic, source-comparison logic, correction logic, outputs, summaries, dashboards, integrations, public-safe artifacts, and interface records shall carry version identity, effective date, status, supersession path, withdrawal path, and archive path where material.

8.1.5(e) Reviewable means that authorized reviewers shall be able to inspect the evidence basis, method basis, source treatment, confidence treatment, uncertainty treatment, limitation treatment, classification treatment, public-safe treatment, AI-use treatment where applicable, and correction path for material Nexus Truth Engine outputs without exposing protected material beyond proper access controls.

8.1.5(f) Challengeable means that material Nexus Truth Engine outputs may be challenged by authorized actors, affected persons, data stewards, evidence stewards, method stewards, public authority participants, community participants, Indigenous or local knowledge holders, GRF, GRA, Protocol Authority, Nexus entities, providers, sponsors, hosts, universities, or other credible challengers through appropriate challenge pathways.

8.1.5(g) Correctionable means that material Nexus Truth Engine records and outputs shall be capable of correction, confidence change, uncertainty change, reclassification, restriction, supersession, withdrawal, retraction, downgrade, suspension, reinstatement, retirement, archive, and downstream dependency notification.

8.1.5(h) The controlling rule shall be that a Truth Engine output that cannot be sourced, contextualized, versioned, reviewed, challenged, and corrected shall not be treated as institutionally reliable.

***

8.1.6 Nexus Truth Engine as AI-Assisted Only Under Governance, Records, Human Review Where Material, and Public-Safe Controls.\
8.1.6(a) The Nexus Truth Engine may be AI-assisted only under governance, records, human review where material, public-safe controls, data controls, cybersecurity controls, privacy controls, sovereign data controls, protected knowledge controls, and correction controls.

8.1.6(b) AI assistance may support retrieval, classification, summarization, comparison, anomaly detection, contradiction detection, source matching, entity resolution, translation support, routing support, dispute flagging, stale-evidence detection, missing-evidence identification, public-safe drafting support, metadata generation, and correction workflow support, provided that AI assistance does not become AI authority.

8.1.6(c) Material AI-assisted Nexus Truth Engine work shall be supported by model registration, dataset registration where applicable, system cards where applicable, model cards where applicable, benchmark cards where applicable, inference records where material, retrieval records where material, prompt or input records where material and safe, human review requirements, access controls, output limits, and correction paths.

8.1.6(d) AI systems used in the Nexus Truth Engine shall be governed against hallucination, bias, drift, overconfidence, data leakage, prompt injection, insecure integration, unauthorized tool use, agentic overreach, hidden training use, cross-border transfer, vendor capture, model dependency, public authority overclaim, finance overclaim, provider preference, sponsor influence, and public-safe publication failure.

8.1.6(e) Rights-bearing data, public authority restricted data, cyber-sensitive data, infrastructure-sensitive data, health-sensitive data, sovereign-sensitive data, finance-sensitive data, community-protected data, Indigenous knowledge, local knowledge, protected knowledge, source-protected information, and confidential materials shall not be processed through AI systems within the Nexus Truth Engine unless lawful, authorized, classification-compliant, secure, purpose-bound, records-valid, and consistent with public-safe publication and safeguard requirements.

8.1.6(f) Human review shall be required where AI outputs materially affect evidence meaning, confidence, uncertainty, public-safe classification, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, protected knowledge treatment, community safeguard treatment, technical baseline status, correction status, or public claims.

8.1.6(g) AI-generated outputs, summaries, scores, classifications, confidence estimates, dispute flags, translations, routing suggestions, or public-safe drafts shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.1.6(h) The controlling rule shall be that AI may assist the Nexus Truth Engine only where it remains governed, recorded, reviewed, bounded, safe, and correctionable.

***

8.1.7 Nexus Truth Engine as Interoperable With Nexus Observatory, Nexus Network, Nexus Risk Management, Nexus Rails, Nexus Grid, GRF, GRA, Nexus Standards / Protocol Authority, National Consortiums, National Companies, Project SPVs, Public Authorities, Providers, Hosts, Universities, and Communities.\
8.1.7(a) The Nexus Truth Engine may be interoperable with Nexus Observatory, Nexus Network, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Universe, Nexus Competence Cells, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Global Nexus Consortium, Regional Nexus Consortiums, National Nexus Consortiums, National Working Groups, National Consortium Companies, Project SPVs, public authorities, providers, hosts, sponsors, universities, laboratories, communities, Indigenous institutions, civil society actors, media actors, and capital readers.

8.1.7(b) Interoperability shall mean controlled exchange, reference, routing, comparison, handoff, evidence linkage, method linkage, confidence linkage, correction linkage, vocabulary linkage, dependency linkage, and public-safe summary linkage. It shall not mean legal merger, shared liability, shared treasury, agency, partnership, joint venture, parent-subsidiary status, alter ego status, shared employer status, public authority delegation, finance authority, protocol authority, recognition authority, procurement authority, certification authority, or execution authority.

8.1.7(c) Interoperability with Nexus Observatory shall support observability evidence, node evidence, sensor evidence, AI-RAN signal evidence, DePIN evidence, geospatial evidence, cyber telemetry, digital twin assumptions, dashboard methods, public-safe evidence outputs, confidence treatment, uncertainty treatment, public-safe classification, and correction routing without making GCRI Canada an infrastructure operator, emergency commander, or public warning authority.

8.1.7(d) Interoperability with GRF shall support evidence inputs, method inputs, public-safe reporting inputs, Docket inputs, Grid inputs, recognition-supporting evidence inputs, maturity-supporting evidence inputs, claims-discipline support, and correction records without making GCRI Canada the issuer of GRF recognition, standing, maturity records, claims determinations, stakeholder formation, public-facing legitimacy, or public-safe reporting status.

8.1.7(e) Interoperability with GRA shall support evidence inputs, risk evidence, host readiness evidence, node evidence, Proof Pack components, insurance-readiness inputs, capital-reader literacy inputs, RNFD inputs, NFD inputs, UNFSD inputs, and correction records without making GCRI Canada the issuer of finance-readiness, capital-readiness, insurance-readiness, investment advice, underwriting, lending, ratings, guarantees, public finance approval, or capital commitments.

8.1.7(f) Interoperability with Nexus Standards / Protocol Authority shall support evidence requirements, method profiles, ontologies, schemas, controlled vocabulary, technical baselines, proof-receipt logic, public-good software, reference architectures, conformance-supporting tools, and correction records without making GCRI Canada the issuer of protocol effect, role keys, smart licenses, entitlement states, conformance determinations, certification, or external force.

8.1.7(g) Interoperability with National Consortium Companies, Project SPVs, providers, hosts, and enterprise-stack actors shall support evidence understanding, technical baseline interpretation, observability methods, public-safe outputs, and correction records without creating execution authority, asset ownership, operational control, investment recommendation, procurement preference, provider endorsement, finance-readiness, rating, guarantee, or market consequence by GCRI Canada.

8.1.7(h) Interoperability with public authorities shall support public authority learning, evidence literacy, technical literacy, AI literacy, cyber literacy, systems-risk understanding, public-safe interpretation, and correction records without creating public authority delegation, public adoption, regulatory approval, procurement approval, funding approval, public finance approval, official guidance, public warning, emergency command, or sovereign obligation.

8.1.7(i) Interoperability with universities, laboratories, communities, Indigenous institutions, civil society actors, and media actors shall support research integrity, technical challenge, community safeguards, protected knowledge handling, public-safe communication, public legibility, and correction without creating governance capture, public voice confusion, protected knowledge misuse, or public overclaim.

8.1.7(j) The controlling rule shall be that the Nexus Truth Engine may interoperate widely only by preserving role boundaries, records, public-safe controls, dependency tracking, and correction paths at every interface.

***

8.1.8 Nexus Truth Engine as Not an Absolute Oracle, Final Arbiter, Official Truth Source, Public Law Source, or Unchallengeable Determination.\
8.1.8(a) The Nexus Truth Engine shall not be represented or treated as an absolute oracle, final arbiter, official truth source, public law source, sovereign truth source, regulatory truth source, market truth source, public authority finding, public warning source, certification source, finance-readiness source, recognition source, protocol authority source, or unchallengeable determination.

8.1.8(b) The Nexus Truth Engine shall not produce truth by institutional assertion, automation, AI output, dashboard presentation, model confidence, majority agreement, sponsor funding, provider documentation, public authority attendance, media repetition, blockchain anchoring, DePIN proof, proof receipt, or technical display.

8.1.8(c) Nexus Truth Engine outputs shall remain evidence artifacts whose meaning depends on source authority, source lineage, method, confidence, uncertainty, limitations, classification, review, public-safe status, audience, permitted use, prohibited use, boundary language, and correction path.

8.1.8(d) A Nexus Truth Engine output may be strong, useful, technically sophisticated, widely relied upon, public-safe, or highly confidence-supported without becoming final, absolute, legal, public authority, financial, certification, recognition, protocol, procurement, or execution authority.

8.1.8(e) Disagreement, challenge, dispute, uncertainty, missing data, conflicting evidence, stale evidence, correction, downgrade, supersession, withdrawal, or retraction shall not be treated as system failure. Such conditions are part of responsible public-good truth stewardship.

8.1.8(f) Where a Nexus Truth Engine output is presented or perceived as final, official, oracle-like, unchallengeable, public authority-backed, finance-backed, recognition-backed, protocol-effective, certification-like, or execution-ready, GCRI Canada shall correct, relabel, restrict, reissue, withdraw, or clarify the output as appropriate.

8.1.8(g) No public material, interface, dashboard, map, API, repository, technical baseline, evidence pack, decision pack, public authority material, finance-facing material, provider material, sponsor material, Nexus material, Academy material, media statement, or AI-generated summary shall describe the Nexus Truth Engine in a manner inconsistent with the non-oracle rule.

8.1.8(h) The controlling rule shall be that the Nexus Truth Engine exists to make truth claims more disciplined, not to make them unchallengeable.

***

8.1.9 Nexus Truth Engine as a Public-Good Methods Domain Stewarded by GCRI Canada Within Its Non-Executing Boundary.\
8.1.9(a) GCRI Canada shall steward the Nexus Truth Engine as a public-good methods domain within GCRI Canada’s non-executing boundary.

8.1.9(b) GCRI Canada’s stewardship may include method design, method registration, evidence-category design, confidence logic, uncertainty logic, source-comparison logic, dispute logic, correction logic, ontology support, controlled vocabulary support, public-safe publication support, technical documentation, public-good software support, AI-governance support, model-governance support, observability-method support, interface support, and correction assurance.

8.1.9(c) GCRI Canada’s stewardship of the Nexus Truth Engine shall remain distinct from GRF recognition, GRA finance-readiness, Protocol Authority effect, public authority decision-making, procurement decisions, certification decisions, provider selection, sponsor control, National Company execution, Project SPV execution, regulated professional advice, financial activity, market activity, emergency command, public warning, and infrastructure operation.

8.1.9(d) GCRI Canada may maintain or contribute to Nexus Truth Engine public-good software, schemas, APIs, reference architectures, technical baselines, evidence-class logic, confidence logic, and correction tools, provided that such technical stewardship does not create protocol authority, certification, recognition, finance-readiness, public authority meaning, provider preference, sponsor control, procurement advantage, market infrastructure, or execution authority.

8.1.9(e) Nexus Truth Engine methods shall be stewarded as public-good assets subject to anti-capture, anti-enclosure, anti-drift, anti-substitution, public-good stack separation, enterprise-stack separation, privacy, cybersecurity, sovereign data, protected knowledge safeguards, public-safe publication, validity-by-record, and correctionability.

8.1.9(f) Sponsors, donors, funders, providers, hosts, public authorities, capital readers, universities, technical contributors, AI model providers, cloud providers, repository maintainers, or other participants may support Nexus Truth Engine methods only under support-without-control, provider-neutrality, public-safe, records-valid, and correctionable conditions.

8.1.9(g) Where stewardship of Nexus Truth Engine methods creates risk of authority inflation, public authority confusion, finance overclaim, provider preference, sponsor control, protocol drift, certification drift, recognition drift, procurement implication, market reliance, or execution by stealth, GCRI Canada shall narrow, reclassify, restrict, correct, hand off, or refuse the activity.

8.1.9(h) The controlling rule shall be that GCRI Canada may steward Truth Engine methods only so long as stewardship remains public-good, non-executing, role-bounded, and correctionable.

***

8.1.10 Nexus Truth Engine Outputs as Record-Bound Artifacts Whose Meaning Depends on Source Authority, Method, Review, Status, Audience, and Boundary Language.\
8.1.10(a) Nexus Truth Engine outputs shall be record-bound artifacts whose meaning depends on source authority, method, review, status, audience, boundary language, confidence, uncertainty, limitations, public-safe classification, access class, handling class, permitted use, prohibited use, dependency links, and correction path.

8.1.10(b) Nexus Truth Engine outputs may include evidence comparison records, source comparison records, confidence notes, uncertainty notes, contradiction flags, corroboration flags, dispute flags, stale-evidence flags, missing-evidence flags, spoof-risk flags, correction triggers, routing notes, public-safe summaries, controlled summaries, dashboard indicators, map indicators, Evidence Pack inputs, Decision Pack inputs, Docket inputs, Grid inputs, Observatory inputs, Rails handoff notes, GRF input notes, GRA input notes, Protocol Authority support notes, public authority learning notes, and public claim support notes.

8.1.10(c) Each material Nexus Truth Engine output shall identify or link to, where appropriate, the evidence records used, source lineage, method records, dataset records, model records, observability records, ontology terms, confidence treatment, uncertainty treatment, limitation treatment, review status, public-safe status, audience, intended use, prohibited use, and correction path.

8.1.10(d) Audience shall be part of meaning. A controlled-room output, public authority learning output, GRF-facing output, GRA-facing output, Protocol Authority-facing output, provider-facing output, sponsor-facing output, community-facing output, finance-facing output, Board-facing output, public-safe output, or public output shall not be assumed to carry the same meaning, permitted use, boundary condition, or disclosure status.

8.1.10(e) Status shall be part of meaning. Draft, experimental, pilot, internal, controlled, public-safe, released, restricted, disputed, corrected, superseded, withdrawn, retracted, downgraded, suspended, reinstated, retired, and archived outputs shall be distinguished.

8.1.10(f) Boundary language shall be part of meaning. A Nexus Truth Engine output shall state or preserve, where material, that it does not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.1.10(g) Where a Nexus Truth Engine output is re-used, excerpted, summarized, translated, embedded, visualized, published, routed, exported, included in a dashboard, included in a map, used in a Decision Pack, used in an Evidence Pack, incorporated into public-safe output, or referenced in public claims, the receiving use shall preserve source authority, method, review, status, audience limits, boundary language, and correction path.

8.1.10(h) The controlling rule shall be that Nexus Truth Engine outputs do not mean what readers wish them to mean; they mean only what their records, methods, status, audience, limitations, and boundary language permit.

### 8.2 GCRI Canada’s Truth Engine Methods Role

8.2.1 GCRI Canada as Steward of Truth Engine Methods, Not Sole Owner of Truth.\
8.2.1(a) GCRI Canada shall serve as steward of Nexus Truth Engine methods within its public-benefit, non-executing, evidence-and-methods mandate, and shall not be treated as the sole owner of truth, the final arbiter of truth, the public law source of truth, the market source of truth, the official public authority source of truth, or the exclusive institutional source through which all truth claims must pass.

8.2.1(b) GCRI Canada’s Truth Engine methods role shall consist of disciplined stewardship of methods, evidence classes, source comparison logic, confidence rules, corroboration logic, dispute logic, correction triggers, ontology, controlled vocabulary, schemas, data dictionaries, AI-readable knowledge structures, public-safe output methods, model governance, evaluation records, and correction pathways.

8.2.1(c) GCRI Canada may design, maintain, test, publish in public-safe form, restrict, correct, supersede, withdraw, retire, archive, or support adoption of Truth Engine methods, provided that such activities remain evidence-supporting, method-supporting, public-good, records-valid, reviewable, challengeable, and correctionable.

8.2.1(d) GCRI Canada’s stewardship shall not displace local truth, public authority truth, community truth, Indigenous or protected knowledge context, technical source context, legal context, scientific challenge, public-safe limits, or the lawful authority of competent downstream actors.

8.2.1(e) Truth Engine methods shall not create institutional monopoly over evidence interpretation. GCRI Canada shall preserve challenge, dissent, minority evidence, disputed evidence, local context, jurisdictional context, community context, source limitations, uncertainty, and correction pathways.

8.2.1(f) GCRI Canada shall not allow its Truth Engine methods role to be used to suppress legitimate disagreement, foreclose lawful public authority judgment, replace GRF recognition processes, replace GRA finance-readiness processes, replace Protocol Authority processes, override public authority duties, privilege sponsors or providers, or create execution consequence by implication.

8.2.1(g) Where GCRI Canada’s stewardship of Truth Engine methods is described by participants, sponsors, providers, public authorities, capital readers, media, Nexus entities, or downstream actors as ownership of truth, final authority, official approval, recognition, finance-readiness, certification, public authority determination, or execution clearance, GCRI Canada shall correct, clarify, restrict, or withdraw the misleading description.

8.2.1(h) The controlling rule shall be that GCRI Canada stewards methods for disciplined truth treatment, but truth remains record-bound, context-bound, source-bound, challengeable, and correctionable.

***

8.2.2 Stewardship of Evidence Classes, Source Comparison Logic, Confidence Rules, Corroboration Logic, Dispute Logic, Correction Triggers, and Public-Safe Output Methods.\
8.2.2(a) GCRI Canada shall steward Truth Engine evidence classes, source comparison logic, confidence rules, corroboration logic, dispute logic, correction triggers, and public-safe output methods as public-good methods infrastructure within the Evidence Rail.

8.2.2(b) Evidence classes stewarded for Truth Engine purposes may include scientific evidence, technical evidence, observational evidence, sensor evidence, AI-RAN and telecommunications signal evidence, DePIN evidence, cyber evidence, geospatial evidence, Earth observation evidence, digital twin evidence, simulation evidence, public authority context evidence, community evidence, Indigenous and local knowledge evidence, field evidence, operator evidence, host evidence, provider evidence, sponsor-supplied evidence, university or laboratory evidence, documentary evidence, legal-context evidence, public records, finance-readiness input evidence, risk evidence, resilience evidence, infrastructure evidence, WEFH evidence, health evidence, climate evidence, energy evidence, supply-chain evidence, and public trust evidence.

8.2.2(c) Source comparison logic shall address, where material, source identity, source independence, source conflict, source authority, source reliability, provenance, custody, permissions, licensing, lawful basis, consent or non-consent treatment where applicable, public authority authority, community authority, Indigenous or protected knowledge context, source completeness, source bias, source recency, source consistency, and source limitations.

8.2.2(d) Confidence rules shall address evidence quality, method quality, completeness, timeliness, calibration, reproducibility, corroboration, contradiction, source independence, missing data, stale data, disputed data, model dependence, AI dependence, sensor quality, spoof risk, cyber integrity, geospatial precision, benchmark conditions, and public-safe status.

8.2.2(e) Corroboration logic shall distinguish corroboration, triangulation, replication, independent confirmation, partial support, contextual support, weak support, unverified support, conflicting support, source-dependent support, model-dependent support, and unsupported assertion.

8.2.2(f) Dispute logic shall identify contested evidence, incompatible sources, unresolved uncertainty, conflicting methods, contradictory signals, stale records, disputed classifications, public authority disagreement, community challenge, protected knowledge concerns, provider-supplied disputes, sponsor-supplied disputes, and downstream reliance concerns.

8.2.2(g) Correction triggers shall include source-lineage defects, data errors, method errors, confidence defects, uncertainty defects, classification errors, public-safe errors, ontology errors, model errors, observability errors, dashboard errors, map errors, overclaims, boundary risks, privacy risks, cybersecurity risks, sovereign data risks, protected knowledge risks, community harm risks, public authority ambiguity, finance overclaim, provider preference, sponsor influence, and Nexus role confusion.

8.2.2(h) Public-safe output methods shall determine how Truth Engine outputs may be summarized, redacted, aggregated, generalized, withheld, restricted, published, corrected, superseded, withdrawn, retracted, or reissued without creating unsafe disclosure, false certainty, public authority confusion, finance overclaim, provider preference, sponsor control, public warning implication, or execution consequence.

8.2.2(i) The controlling rule shall be that Truth Engine methods must discipline how evidence is compared, weighted, disputed, corrected, and communicated without converting method outputs into authority.

***

8.2.3 Stewardship of Truth Engine Ontology, Controlled Vocabulary, Schemas, Data Dictionaries, and AI-Readable Knowledge Structures.\
8.2.3(a) GCRI Canada shall steward Truth Engine ontology, controlled vocabulary, schemas, data dictionaries, semantic mappings, crosswalks, equivalence notes, divergence logs, localization notes, compatibility notes, and AI-readable knowledge structures.

8.2.3(b) Truth Engine ontology shall support consistent treatment of evidence classes, source types, method types, confidence states, uncertainty states, dispute states, correction states, public-safe states, access classes, handling classes, technology domains, risk domains, public authority contexts, finance-facing contexts, provider contexts, sponsor contexts, community contexts, Nexus interface states, and downstream dependency states.

8.2.3(c) Controlled vocabulary shall govern terms including evidence, source, lineage, provenance, custody, verified, validated, corroborated, disputed, corrected, superseded, withdrawn, retracted, confidence, uncertainty, limitation, public-safe, restricted, decision-grade, technical truth, recognition, finance-readiness, maturity, standing, certification, protocol effect, proof receipt, Docket, Grid, Observatory, Truth Engine, AI-assisted, model output, dashboard output, public authority, provider, sponsor, host, public-good stack, enterprise stack, non-execution, and correctionability.

8.2.3(d) Schemas and data dictionaries shall identify, where material, required fields, optional fields, prohibited fields, source fields, method fields, confidence fields, uncertainty fields, classification fields, public-safe fields, access fields, handling fields, correction fields, dependency fields, boundary-language fields, and archive fields.

8.2.3(e) AI-readable knowledge structures shall be designed to preserve role separation, source lineage, public-safe status, classification, access controls, confidence, uncertainty, limitations, permitted use, prohibited use, and correction paths when used for retrieval, summarization, classification, comparison, routing, or public-safe drafting support.

8.2.3(f) Truth Engine ontology and AI-readable structures shall not encode or imply authority beyond the record. Schema fields, metadata labels, badges, categories, scores, status names, API responses, and machine-readable outputs shall not create certification, recognition, finance-readiness, public authority meaning, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.2.3(g) Where ontology, controlled vocabulary, schemas, data dictionaries, translations, localization notes, mappings, or AI-readable knowledge structures create ambiguity, overclaim, unsafe inference, public authority confusion, finance-facing confusion, provider preference, sponsor control, protected knowledge risk, or public-safe risk, GCRI Canada shall correct, restrict, supersede, withdraw, or reissue the relevant semantic structure.

8.2.3(h) The controlling rule shall be that Truth Engine meaning must be governed at the semantic layer because uncontrolled language and machine-readable labels can create authority by stealth.

***

8.2.4 Stewardship of Truth Engine Model Governance, Inference Records, Evaluation Harnesses, and Benchmark Cards.\
8.2.4(a) GCRI Canada shall steward Truth Engine model governance, inference records, evaluation harnesses, benchmark cards, system cards, model cards, dataset cards where applicable, test cards, validation-sprint cards, and related technical evidence cards for material Truth Engine systems and methods.

8.2.4(b) Model governance shall address model identity, model type, owner where known, custodian, steward, provider where any, developer where any, version, purpose, scope, training status, fine-tuning status, embedding status, retrieval status, inference status, deployment status, access status, public-safe status, AI-use status, dataset dependencies, benchmark dependencies, evaluation records, human review requirements, permitted use, prohibited use, correction path, supersession path, withdrawal path, retirement path, and archive path.

8.2.4(c) Inference records shall be maintained where material to evidence meaning, public-safe output, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, protected knowledge treatment, community safeguard treatment, correction, or downstream dependency review.

8.2.4(d) Evaluation harnesses shall be used, where appropriate, to test Truth Engine methods, AI-assisted components, retrieval systems, classification systems, source-comparison systems, confidence logic, dispute logic, correction triggers, public-safe output methods, dashboard outputs, map outputs, and integration pathways.

8.2.4(e) Benchmark cards shall identify benchmark purpose, benchmark method, dataset or test corpus, evaluation criteria, conditions, limitations, reproducibility status, baseline comparisons where any, confidence, uncertainty, exclusions, prohibited claims, public-safe status, provider-neutrality status, sponsor non-control status, and correction path.

8.2.4(f) Truth Engine model governance shall address hallucination, bias, drift, unsafe summarization, overconfident classification, missing context, prompt injection, data leakage, unauthorized retrieval, embedding misuse, model dependency, provider dependency, hidden training use, cross-border transfer, protected knowledge misuse, public authority overclaim, finance overclaim, provider preference, sponsor influence, and public-safe publication failure.

8.2.4(g) Model outputs, inference records, evaluation results, benchmark results, system cards, model cards, dataset cards, validation-sprint cards, and technical evidence cards shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.2.4(h) Where a Truth Engine model, evaluation harness, benchmark card, inference record, or related technical evidence card is corrected, challenged, reclassified, restricted, superseded, withdrawn, retired, or archived, affected downstream outputs and dependencies shall be reviewed.

8.2.4(i) The controlling rule shall be that Truth Engine model governance must make automated support inspectable, bounded, testable, challengeable, and correctable.

***

8.2.5 Stewardship of Truth Engine Public-Safe Dashboards, Reports, Summaries, and Controlled Annex Methods.\
8.2.5(a) GCRI Canada shall steward methods for Truth Engine public-safe dashboards, public-safe reports, public-safe summaries, public-safe visualizations, technical notes, controlled annexes, controlled-room outputs, public authority learning materials, finance-facing summaries, provider-facing summaries, sponsor-facing summaries, host-facing summaries, community-facing summaries, Academy materials, and public-safe correction notices.

8.2.5(b) Public-safe dashboard methods shall address dashboard purpose, audience, source records, method records, update frequency, latency, confidence display, uncertainty display, limitations, public-safe status, access class, handling class, geospatial treatment, visual labels, colors, filters, scores, warnings, legends, captions, tooltips, boundary language, correction path, supersession path, withdrawal path, and archive path.

8.2.5(c) Report and summary methods shall address source selection, evidence selection, method selection, redaction, aggregation, generalization, responsible non-disclosure, public-safe framing, confidence language, uncertainty language, limitation language, audience limits, permitted use, prohibited use, public authority boundary language, finance boundary language, provider-neutrality language, sponsor non-control language, recognition boundary language, protocol-effect boundary language, and correction language.

8.2.5(d) Controlled annex methods shall address what may be disclosed only under controlled access, including restricted evidence, public authority evidence, health-sensitive evidence, cyber-sensitive evidence, infrastructure-sensitive evidence, finance-sensitive evidence, commercially sensitive evidence, personal information, rights-bearing data, sovereign data, community-protected data, Indigenous or local knowledge, protected knowledge, controlled technology, source-protected information, and other sensitive material.

8.2.5(e) Truth Engine public-safe dashboards, reports, summaries, and annexes shall not create public warning, emergency command, public authority decision, official guidance, finance-readiness, investment advice, procurement approval, provider endorsement, sponsor approval, recognition, certification, rating, guarantee, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.2.5(f) Where public-safe dashboards, reports, summaries, or controlled annexes use maps, geospatial layers, scores, colors, alerts, risk indicators, resilience indicators, confidence indicators, AI summaries, model outputs, digital twin outputs, DePIN records, sensor records, or proof receipts, GCRI Canada shall ensure that presentation methods do not create false precision, public warning implication, finance implication, provider preference, sponsor validation, public authority confusion, or unbounded public reliance.

8.2.5(g) Where a dashboard, report, summary, annex, visualization, or public-safe output becomes inaccurate, incomplete, stale, unsafe, overbroad, overclaimed, misclassified, misused, or no longer fit for purpose, GCRI Canada shall correct, reclassify, restrict, supersede, withdraw, retract, or reissue the output and review downstream dependencies.

8.2.5(h) The controlling rule shall be that Truth Engine public-safe outputs must make evidence legible without making it unsafe, final, official, financial, certification-like, recognition-like, or executable.

***

8.2.6 Truth Engine Methods Support to GRF Without Issuing Recognition, Standing, Claims Approval, Maturity Records, or Public-Facing Legitimacy.\
8.2.6(a) GCRI Canada may provide Truth Engine methods support to The Global Risks Forum (GRF), including evidence classes, source comparison logic, confidence rules, corroboration logic, dispute logic, correction triggers, public-safe output methods, ontology support, controlled vocabulary, Docket inputs, Grid inputs, recognition-supporting evidence inputs, maturity-context evidence inputs, claims-discipline support, and public-safe reporting support.

8.2.6(b) Truth Engine methods support to GRF shall remain technical evidence and methods support. It shall not constitute GRF recognition, standing, maturity record, claims approval, stakeholder formation, public-facing legitimacy, public-safe reporting status, registry status, public claim approval, or any other GRF act by GCRI Canada.

8.2.6(c) GRF shall remain responsible for any GRF recognition, standing, maturity record, claims discipline, public-facing legitimacy, stakeholder formation, public-safe reporting, or registry act created through GRF’s own authority, records, procedures, review, and boundary language.

8.2.6(d) GCRI Canada shall not describe Truth Engine methods support, Evidence Packs, Decision Packs, confidence notes, source-comparison outputs, dispute flags, correction triggers, Docket inputs, Grid inputs, or public-safe summaries as GRF approval unless GRF has separately created the relevant status through its own proper record.

8.2.6(e) Truth Engine methods support to GRF shall preserve source lineage, method records, confidence, uncertainty, limitations, public-safe status, access class, handling class, permitted use, prohibited use, correction path, supersession path, withdrawal path, retraction path where applicable, and dependency records.

8.2.6(f) Where GCRI Canada materials are incorporated into GRF-facing records, public-facing GRF materials, Docket materials, Grid materials, recognition-supporting materials, or claims-discipline materials, the interface shall preserve role separation between evidence support and GRF public-facing legitimacy.

8.2.6(g) Where a GCRI Canada Truth Engine output is misdescribed as GRF recognition, GRF standing, GRF maturity, GRF claims approval, or GRF public-facing legitimacy, GCRI Canada shall coordinate appropriate correction with GRF where necessary and shall update relevant records.

8.2.6(h) The controlling rule shall be that GCRI Canada may support GRF truth discipline but shall not issue GRF legitimacy.

***

8.2.7 Truth Engine Methods Support to GRA Without Issuing Finance-Readiness, Capital-Readiness, Insurance-Readiness, Routeability, Ratings, Guarantees, or Public Finance Approval.\
8.2.7(a) GCRI Canada may provide Truth Engine methods support to The Global Risks Alliance (GRA), including evidence classes, risk evidence methods, source comparison logic, confidence rules, corroboration logic, dispute logic, correction triggers, public-safe output methods, finance-boundary methods, host readiness evidence inputs, node evidence inputs, Proof Pack component methods, insurance-readiness input methods, capital-reader literacy methods, RNFD input methods, NFD input methods, UNFSD input methods, and correction records.

8.2.7(b) Truth Engine methods support to GRA shall remain technical evidence and methods support. It shall not constitute GRA finance-readiness, capital-readiness, insurance-readiness, routeability, capital suitability, investor suitability, bankability, fundability, investment advice, securities recommendation, brokerage, placement, finder activity, lending, underwriting, insurance placement, rating, guarantee, public finance approval, capital commitment, or any other financial or regulated-market act by GCRI Canada.

8.2.7(c) GRA shall remain responsible for any GRA finance-readiness, capital-readiness, insurance-readiness, capital readability, Proof Pack, capital-reader room, RNFD, NFD, UNFSD, or regulated-perimeter output created through GRA’s own authority, records, procedures, review, and finance-safe boundary language.

8.2.7(d) GCRI Canada shall not describe Truth Engine methods support, Evidence Packs, Decision Packs, risk evidence, confidence notes, source-comparison outputs, dispute flags, correction triggers, Proof Pack inputs, host readiness evidence, node evidence, Rails handoffs, or finance-facing summaries as finance-readiness, capital-readiness, insurance-readiness, investment recommendation, rating, guarantee, public finance approval, or capital commitment.

8.2.7(e) Truth Engine methods support to GRA shall preserve source lineage, method records, confidence, uncertainty, limitations, finance-safe status, public-safe status, access class, handling class, permitted use, prohibited use, correction path, supersession path, withdrawal path, retraction path where applicable, and dependency records.

8.2.7(f) Where GCRI Canada materials are incorporated into GRA-facing records, capital-reader rooms, Proof Packs, insurance-readiness inputs, RNFD inputs, NFD inputs, UNFSD inputs, Rails handoffs, or finance-facing materials, the interface shall preserve role separation between evidence support and finance-readiness.

8.2.7(g) Where a GCRI Canada Truth Engine output is misdescribed as GRA finance-readiness, capital-readiness, insurance-readiness, routeability, rating, guarantee, public finance approval, investment advice, or capital commitment, GCRI Canada shall coordinate appropriate correction with GRA where necessary and shall update relevant records.

8.2.7(h) The controlling rule shall be that GCRI Canada may support GRA evidence discipline but shall not issue finance-readiness or financial consequence.

***

8.2.8 Truth Engine Methods Support to Nexus Standards / Protocol Authority Without Creating Protocol Effect by Default.\
8.2.8(a) GCRI Canada may provide Truth Engine methods support to Nexus Standards / Protocol Authority, including evidence requirements, method profiles, source comparison logic, confidence rules, dispute logic, correction triggers, ontology, controlled vocabulary, schemas, data dictionaries, proof-receipt logic, technical baselines, public-good software, APIs, reference architectures, conformance-supporting tools, evaluation harnesses, benchmark cards, and correction records.

8.2.8(b) Truth Engine methods support to Nexus Standards / Protocol Authority shall remain evidence and methods support. It shall not constitute protocol authority, certification, conformance determination, role key issuance, smart-license issuance, entitlement state, proof-receipt legal effect, external force, legal validity, operational clearance, or protocol effect by default.

8.2.8(c) Nexus Standards / Protocol Authority shall remain responsible for any protocol effect, conformance logic, role keys, smart licenses, proof receipts, entitlement states, anchoring discipline, technical validity surface, external force, or standards effect created through its own authority, instruments, records, procedures, and boundary language.

8.2.8(d) Technical authorship, method authorship, schema authorship, API authorship, repository custody, software maintenance, benchmark support, evaluation support, or proof-receipt support by GCRI Canada shall not create protocol supremacy, certification, conformance status, entitlement, legal effect, public authority meaning, finance-readiness, provider preference, procurement advantage, or execution authority.

8.2.8(e) Truth Engine methods support to Protocol Authority shall preserve source lineage, method records, versioning, review status, confidence, uncertainty, limitations, public-safe status, access class, handling class, permitted use, prohibited use, correction path, supersession path, withdrawal path, retirement path, and dependency records.

8.2.8(f) Where GCRI Canada materials are incorporated into protocol-facing records, technical baselines, schemas, APIs, conformance-supporting tools, proof-receipt templates, smart-license support materials, role-key support materials, or standards-support materials, the interface shall preserve role separation between method support and protocol effect.

8.2.8(g) Where a GCRI Canada Truth Engine method, technical baseline, schema, proof-receipt support artifact, benchmark, evaluation harness, or public-good software artifact is misdescribed as protocol authority, certification, conformance determination, role key, smart license, entitlement state, or external legal effect, GCRI Canada shall coordinate appropriate correction with the relevant Protocol Authority where necessary and shall update relevant records.

8.2.8(h) The controlling rule shall be that GCRI Canada may support protocol truth discipline but shall not create protocol effect by default.

***

8.2.9 Truth Engine Methods Support to Public Authorities Without Creating Public Authority Decisions, Public Warnings, Emergency Commands, or Regulatory Determinations.\
8.2.9(a) GCRI Canada may provide Truth Engine methods support to public authorities for public authority learning, evidence literacy, technical literacy, AI literacy, cyber literacy, scenario learning, systems-risk understanding, public-safe interpretation, source-comparison support, confidence treatment, uncertainty treatment, dispute awareness, correction awareness, and decision-support literacy.

8.2.9(b) Truth Engine methods support to public authorities shall not create public authority decisions, public warnings, emergency commands, regulatory determinations, procurement approvals, funding approvals, public finance approvals, permits, licenses, safe harbors, enforcement positions, official guidance, public adoption, public health orders, public safety directives, sovereign obligations, or delegated public authority.

8.2.9(c) Public authorities shall remain responsible for their own lawful decisions, regulatory actions, procurement actions, funding actions, public finance actions, emergency actions, public warnings, official guidance, public communications, and public accountability through their own authority, procedures, records, legal duties, and public law frameworks.

8.2.9(d) Truth Engine methods support to public authorities shall preserve capacity classification, public authority data classification, lawful basis, permitted use, prohibited use, non-delegation language, non-endorsement language, non-reliance language where appropriate, public-safe status, access status, handling class, confidence, uncertainty, limitations, and correction path.

8.2.9(e) Public authority names, logos, titles, quotes, photos, agency references, jurisdiction references, data contributions, public finance references, regulator-listening references, emergency-management references, and public-sector participation references shall be used only under approved reference controls and shall not imply endorsement, adoption, delegation, procurement approval, funding approval, regulatory approval, public finance approval, official warning, or sovereign obligation.

8.2.9(f) Where Truth Engine outputs are used in public authority learning materials, dashboards, maps, public-safe briefings, controlled annexes, scenario exercises, emergency-management learning, public-sector workshops, or regulator-listening contexts, GCRI Canada shall preserve the distinction between evidence support and public authority action.

8.2.9(g) Where a GCRI Canada Truth Engine method or output is misdescribed as a public authority decision, official warning, emergency command, regulatory determination, procurement approval, funding approval, public finance approval, public adoption, official guidance, or sovereign obligation, GCRI Canada shall correct, clarify, restrict, withdraw, or reissue the relevant material and notify affected public authority interfaces where appropriate.

8.2.9(h) The controlling rule shall be that GCRI Canada may support public authority learning through Truth Engine methods, but public authority remains with public authorities.

***

8.2.10 Truth Engine Methods Support to National Companies, Project SPVs, Providers, and Hosts Without Creating Procurement Preference, Investment Recommendation, Certification, or Execution Authority.\
8.2.10(a) GCRI Canada may provide Truth Engine methods support to National Consortium Companies, Project SPVs, qualified providers, vendors, contractors, hosts, and other enterprise-stack or support actors for evidence understanding, technical baseline interpretation, observability method support, public-safe output support, source-comparison support, confidence treatment, uncertainty treatment, correction routing, and boundary-safe handoff.

8.2.10(b) Truth Engine methods support to National Companies, Project SPVs, providers, and hosts shall not create procurement preference, investment recommendation, certification, recognition, finance-readiness, provider endorsement, sponsor approval, project approval, SPV approval, host approval, public authority endorsement, market allocation, rating, guarantee, operational clearance, infrastructure operation, asset ownership, management authority, financing authority, insurance authority, underwriting authority, or execution authority by GCRI Canada.

8.2.10(c) National Companies and Project SPVs shall remain separate enterprise-stack and execution actors responsible for their own lawful corporate acts, contracts, financing, operations, asset ownership, delivery, compliance, risk, liabilities, public claims, provider relationships, host relationships, and execution decisions.

8.2.10(d) Providers, vendors, and contractors shall remain separate delivery actors and shall not acquire preferred status, procurement advantage, certification, recognition, finance-readiness, maturity, public authority endorsement, or Nexus-compatible status merely by contributing to, testing with, referencing, integrating with, or being evaluated through Truth Engine methods.

8.2.10(e) Hosts shall remain support and context contributors, not owners or controllers of GCRI Canada’s evidence, methods, Truth Engine outputs, public-safe publications, technical baselines, public authority access, provider access, finance-facing materials, or institutional meaning.

8.2.10(f) Truth Engine methods support to National Companies, Project SPVs, providers, and hosts shall preserve role records, interface records, source lineage, method records, data agreements, IP agreements, confidentiality terms, cybersecurity controls, privacy controls, sovereign data controls, public authority boundaries, finance boundaries, provider-neutrality controls, sponsor non-control controls, public claims controls, permitted use, prohibited use, and correction path.

8.2.10(g) Where Truth Engine methods support is used in project materials, provider materials, host materials, SPV materials, National Company materials, demonstrations, validation sprints, pilots, technical baselines, dashboards, maps, investor-facing rooms, public authority rooms, procurement-adjacent materials, or public claims, GCRI Canada shall require boundary language sufficient to prevent procurement preference, investment recommendation, certification, recognition, finance-readiness, provider endorsement, sponsor control, public authority approval, or execution implication.

8.2.10(h) Where a National Company, Project SPV, provider, vendor, contractor, host, sponsor, or other enterprise-stack actor misdescribes Truth Engine methods support as approval, certification, endorsement, procurement advantage, investment recommendation, finance-readiness, public authority support, operational clearance, guarantee, or execution authority, GCRI Canada shall require correction, withdrawal, public-safe clarification, controlled notice, interface suspension, termination, or other remedy as appropriate.

8.2.10(i) The controlling rule shall be that Truth Engine methods may support enterprise-stack understanding only by preserving public-good stack separation and never by converting evidence support into procurement, finance, certification, endorsement, or execution.

### 8.3 Source Comparison Logic

8.3.1 Source Comparison Across Sensors, Reference Sensors, AI-RAN Signals, O-RAN Signals, Private Wireless Signals, DePIN Telemetry, Cyber Logs, Geospatial Data, Earth Observation, Satellite Data, Digital Twins, Operator Observations, Public Authority Context, Community Context, University / Laboratory Outputs, Provider Systems, Sponsor-Supplied Data, and Field Evidence.\
8.3.1(a) GCRI Canada shall steward Source Comparison Logic as a Nexus Truth Engine method for comparing, contextualizing, corroborating, challenging, routing, and correcting evidence across heterogeneous sources, including sensors, reference sensors, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, geospatial data, Earth observation, satellite data, digital twins, operator observations, public authority context, community context, university and laboratory outputs, provider systems, sponsor-supplied data, host inputs, field evidence, public records, documentary evidence, historical records, and model-based outputs.

8.3.1(b) Source Comparison Logic shall support the determination of whether sources are consistent, independent, mutually dependent, partially corroborating, contradictory, stale, incomplete, spoofed, corrupted, biased, context-limited, permission-limited, method-limited, public-safe limited, legally restricted, or unsuitable for the proposed evidence use.

8.3.1(c) Source Comparison Logic shall not presume equivalence among sources merely because they address the same subject, domain, asset, location, hazard, technology, event, system, project, node, cluster, provider, public authority context, community context, or Nexus interface. Each source shall be compared according to its source type, origin, method, custody, context, resolution, latency, confidence, uncertainty, limitation, permission, classification, and correction path.

8.3.1(d) Source Comparison Logic may compare signals and records across technical, human, institutional, community, and automated systems, provided that comparison does not erase local meaning, Indigenous or protected knowledge context, public authority context, rights-bearing data status, sovereign data restrictions, public-safe limits, source permissions, confidentiality obligations, or source-specific uncertainty.

8.3.1(e) Source Comparison Logic shall distinguish reference sources, primary sources, secondary sources, derived sources, machine-generated sources, human-generated sources, public authority sources, community sources, Indigenous or local knowledge sources, provider sources, sponsor sources, host sources, academic sources, field sources, public records, and historical sources.

8.3.1(f) No source comparison output shall create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.3.1(g) Where Source Comparison Logic is used in Evidence Packs, Decision Packs, Truth Engine outputs, Observatory outputs, dashboards, maps, Docket records, Grid records, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, public-safe reports, technical baselines, public-good software, or public claims, the comparison shall be records-valid, method-supported, limitation-aware, and correctionable.

8.3.1(h) The controlling rule shall be that source comparison is a disciplined method for understanding evidence relationships, not a mechanism for converting multiple sources into automatic truth or authority.

***

8.3.2 Source Independence, Source Conflict, Source Reliability, Source Timeliness, Source Permission, Source Bias, and Source Completeness.\
8.3.2(a) Source Comparison Logic shall evaluate source independence, source conflict, source reliability, source timeliness, source permission, source bias, and source completeness as material attributes of evidence quality and confidence.

8.3.2(b) Source independence shall assess whether sources are genuinely independent or whether they depend on the same sensor, dataset, provider system, model, public authority feed, sponsor-supplied material, field team, vendor platform, repository, methodology, publication, public record, media narrative, AI-generated summary, or underlying source.

8.3.2(c) Source conflict shall assess whether sources contradict each other, partially diverge, use incompatible methods, describe different time windows, operate at different spatial resolutions, rely on different assumptions, use different definitions, reflect different jurisdictional contexts, or encode different community, public authority, provider, sponsor, or technical perspectives.

8.3.2(d) Source reliability shall assess source integrity, provenance, custody, calibration, validation, reputation for accuracy where relevant, method discipline, historical performance, review status, reproducibility, tamper resistance, spoof resistance, cyber integrity, documentation quality, source transparency, and correction history.

8.3.2(e) Source timeliness shall assess recency, latency, update frequency, stale status, event relevance, time-zone treatment, version currency, supersession status, withdrawal status, retraction status, archive status, and whether a source remains fit for the evidence question at the time of use.

8.3.2(f) Source permission shall assess lawful basis, consent or non-consent where applicable, license, data-sharing authority, public authority authority, community authority, Indigenous or protected knowledge authority, confidentiality restrictions, publication restrictions, AI-use restrictions, transfer restrictions, derivative-use restrictions, and public-safe release status.

8.3.2(g) Source bias shall assess whether source selection, source framing, data collection, method design, dashboard design, model training, sampling, omission, public authority position, sponsor interest, provider interest, host interest, capital-reader interest, media framing, academic incentives, or community context may materially affect evidence interpretation.

8.3.2(h) Source completeness shall assess whether the source covers the relevant time, place, population, system, asset, event, hazard, technology, infrastructure, community, public authority context, provider context, sponsor context, and evidence question, and whether gaps, missing fields, missing data, blind spots, exclusions, redactions, or inaccessible annexes materially affect confidence.

8.3.2(i) Where source independence, conflict, reliability, timeliness, permission, bias, or completeness cannot be adequately established, the source comparison output shall reflect such uncertainty and shall not overstate evidence strength.

8.3.2(j) The controlling rule shall be that sources are not strengthened by being numerous unless their independence, reliability, permission, timeliness, completeness, bias, and conflict status support the comparison.

***

8.3.3 Machine-Generated Source Treatment.\
8.3.3(a) Source Comparison Logic shall apply specific treatment to machine-generated sources, including sensor outputs, reference sensor outputs, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, system logs, geospatial layers, Earth observation outputs, satellite data, digital twin outputs, simulation outputs, model outputs, AI-generated summaries, automated classifications, dashboard states, proof receipts, blockchain anchors, smart-contract logs, and other machine-produced records.

8.3.3(b) Machine-generated sources shall be evaluated for system identity, device identity, model identity, software version, firmware version where applicable, sensor calibration, clock integrity, location integrity, network integrity, custody, access control, logging integrity, tamper resistance, spoof resistance, cyber integrity, data pipeline integrity, transformation method, aggregation method, inference method, and output limitation.

8.3.3(c) Machine-generated sources shall be evaluated for automation bias, false precision, silent preprocessing, hidden filtering, vendor dependency, model dependency, training-data limits, retrieval limits, dashboard design bias, alert threshold bias, telemetry loss, clock drift, sensor drift, model drift, calibration drift, and pipeline drift.

8.3.3(d) AI-generated or model-generated sources shall not be treated as primary evidence merely because they are fluent, scored, probabilistic, visually persuasive, or generated from large-scale systems. Their evidentiary status shall depend on model record, dataset record, inference record, retrieval record where material, human review where material, source grounding, method, confidence, uncertainty, limitations, and public-safe status.

8.3.3(e) Blockchain entries, DePIN records, hashes, anchors, tokens, smart-contract events, proof receipts, or tamper-evident records shall not be treated as truthful merely because they are time-stamped, signed, distributed, immutable, or cryptographically verifiable. They may evidence that a record or event was asserted, anchored, signed, or transmitted, but shall not by default evidence that the underlying claim is true, complete, lawful, public-safe, authorized, or fit for purpose.

8.3.3(f) Machine-generated sources involving personal information, rights-bearing data, location data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, or controlled technology shall be subject to heightened classification, access, privacy, cybersecurity, sovereign data, protected knowledge, and public-safe controls.

8.3.3(g) Where machine-generated sources are spoofed, corrupted, interrupted, miscalibrated, adversarially manipulated, incomplete, stale, model-drifted, sensor-drifted, pipeline-drifted, or suspected of compromise, Source Comparison Logic shall flag the condition and route affected evidence for review, reclassification, correction, restriction, supersession, withdrawal, or incident handling as appropriate.

8.3.3(h) The controlling rule shall be that machine generation may improve scale, speed, and repeatability, but it does not eliminate the need for source lineage, method review, human judgment where material, safeguards, and correction.

***

8.3.4 Human-Generated Source Treatment.\
8.3.4(a) Source Comparison Logic shall apply specific treatment to human-generated sources, including field observations, operator observations, expert judgments, researcher notes, public authority statements, community statements, Indigenous or local knowledge contributions, host observations, provider submissions, sponsor submissions, participant reports, interview notes, workshop records, council records, advisory notes, media statements, public comments, and documentary narratives.

8.3.4(b) Human-generated sources shall be evaluated for role, authority, competence, proximity to the event or subject, observation context, time of observation, method of recording, source independence, conflicts of interest, incentives, pressure, memory limits, translation issues, interpretation issues, cultural context, community context, public authority context, confidentiality, consent or non-consent where applicable, and correction path.

8.3.4(c) Human-generated sources shall not be dismissed merely because they are qualitative, local, experiential, community-based, Indigenous, narrative, contextual, or non-instrumental. Their evidentiary treatment shall depend on source context, authority, safeguards, relevance, corroboration where appropriate, limitations, public-safe status, and permitted use.

8.3.4(d) Human-generated sources shall not be over-weighted merely because they come from senior officers, public officials, renowned experts, sponsors, funders, providers, media figures, founders, directors, professors, technical leaders, or persons with high public visibility. Institutional prestige shall not substitute for source lineage, method, review, and conflict treatment.

8.3.4(e) Expert judgment shall be distinguished from direct observation, institutional opinion, professional opinion, regulated professional advice, public authority determination, sponsor view, provider claim, and community testimony. Where regulated professional advice is implicated, GCRI Canada shall apply applicable boundary controls and shall not convert evidence treatment into regulated professional opinion by default.

8.3.4(f) Human-generated sources involving vulnerable persons, protected participants, confidential sources, whistleblowers, youth, public officials in sensitive roles, communities at risk, Indigenous or local knowledge holders, protected knowledge holders, or persons exposed to retaliation shall receive appropriate confidentiality, redaction, access, public-safe, and do-no-harm treatment.

8.3.4(g) Where human-generated sources conflict, Source Comparison Logic shall not resolve conflict by title, seniority, reputation, institutional power, sponsor relationship, provider relationship, public authority rank, media salience, or majority narrative alone. The conflict shall be assessed through source context, evidence support, method, independence, corroboration, limitation, and correction pathway.

8.3.4(h) The controlling rule shall be that human-generated sources are essential to public-good evidence, but they must be handled with context, safeguards, conflict awareness, and records-valid discipline.

***

8.3.5 Public Authority Source Treatment.\
8.3.5(a) Source Comparison Logic shall apply specific treatment to public authority sources, including public authority data, public records, official reports, regulatory materials, emergency-management materials, public health materials, infrastructure materials, public finance materials, procurement materials, administrative data, public-sector dashboards, public authority statements, regulator-listening inputs, and public authority participation records.

8.3.5(b) Public authority sources shall be evaluated for authority, jurisdiction, legal status, publication status, official or non-official character, draft or final status, public or restricted status, statutory context, administrative context, policy context, capacity classification, data authority, permitted use, prohibited use, confidentiality, public-safe status, public authority reference approval, and correction path.

8.3.5(c) Public authority participation, attendance, data contribution, verbal comment, workshop statement, regulator-listening presence, emergency-management presence, public finance presence, procurement presence, or technical learning participation shall not be treated as public authority endorsement, public adoption, official guidance, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, or sovereign obligation.

8.3.5(d) Public authority sources may carry high evidentiary relevance for legal, jurisdictional, public administration, infrastructure, emergency, health, environment, finance, procurement, or civic context, but such relevance shall not convert GCRI Canada into a public authority or make GCRI Canada outputs public authority decisions.

8.3.5(e) Where public authority sources conflict with community sources, technical sources, provider sources, public records, field evidence, or other public authority sources, Source Comparison Logic shall preserve the conflict, identify the context, record limitations, and route the matter for appropriate review rather than treating official status as automatic resolution.

8.3.5(f) Public authority data involving personal information, sensitive public-sector information, emergency information, health information, critical infrastructure information, procurement information, public finance information, regulatory information, law-enforcement-sensitive information, national security-sensitive information, or restricted administrative information shall be subject to heightened access, classification, privacy, cybersecurity, lawful-use, and public-safe controls.

8.3.5(g) Public authority sources used in public-safe outputs, dashboards, maps, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority support, Docket records, Grid records, Rails handoffs, provider-facing materials, sponsor-facing materials, finance-facing materials, or public claims shall carry appropriate non-delegation, non-endorsement, non-warning, non-procurement, non-finance, and public-safe boundary language where material.

8.3.5(h) The controlling rule shall be that public authority sources may inform evidence, but only public authorities create public authority acts through their own lawful processes.

***

8.3.6 Community, Indigenous, Local, Territorial, Cultural, Environmental, and Protected Knowledge Source Treatment.\
8.3.6(a) Source Comparison Logic shall apply specific treatment to community, Indigenous, local, territorial, cultural, environmental, and protected knowledge sources, including community observations, Indigenous knowledge, local knowledge, territorial knowledge, cultural site knowledge, environmental knowledge, traditional ecological knowledge, lived experience, community risk information, community resilience information, informal infrastructure knowledge, protected knowledge, and knowledge shared under conditions of trust.

8.3.6(b) Such sources shall be treated as rights-bearing, context-bearing, relationship-bearing, and safeguard-bearing sources, not merely as extractive data inputs. Their use shall be governed by authority, consent or non-consent where applicable, community protocol, Indigenous protocol where applicable, cultural context, permitted use, prohibited use, access limits, public-safe limits, withdrawal or challenge pathways where applicable, and do-no-harm controls.

8.3.6(c) Source Comparison Logic shall not flatten community, Indigenous, local, territorial, cultural, environmental, or protected knowledge into generic evidence categories where doing so would erase context, expose sensitive knowledge, misrepresent authority, permit extraction, enable public harm, or breach trust.

8.3.6(d) Where such sources relate to sensitive sites, sacred sites, cultural sites, environmental vulnerabilities, community vulnerabilities, informal survival systems, health-sensitive conditions, migration routes, water sources, food systems, energy systems, local hazards, infrastructure dependencies, or protected persons, GCRI Canada shall apply public-safe mapping, aggregation, redaction, access restriction, controlled annex, or responsible non-disclosure as appropriate.

8.3.6(e) Source comparison involving community or Indigenous sources shall not resolve conflict by subordinating local knowledge to technical instrumentation, public authority records, provider data, sponsor data, academic outputs, or AI-generated summaries merely because those sources appear more formal, quantitative, or machine-readable.

8.3.6(f) Where community or Indigenous sources conflict with other sources, Source Comparison Logic shall record the conflict, preserve context, identify limitations, assess public-safe treatment, and route the matter through appropriate safeguards, community, Indigenous, public authority, legal, or technical review where material.

8.3.6(g) Public-safe outputs derived from community, Indigenous, local, territorial, cultural, environmental, or protected knowledge shall not expose protected persons, sensitive places, cultural knowledge, environmental vulnerabilities, community-protected information, confidential sources, or retaliatory risk.

8.3.6(h) The controlling rule shall be that community and Indigenous knowledge may be essential to truth, but truth treatment must never become extraction, exposure, erasure, or harm.

***

8.3.7 Provider and Sponsor Source Treatment With Conflict and Influence Controls.\
8.3.7(a) Source Comparison Logic shall apply specific treatment to provider-supplied, vendor-supplied, contractor-supplied, sponsor-supplied, donor-supplied, funder-supplied, host-supplied, and capital-reader-supplied sources.

8.3.7(b) Provider sources may include system logs, technical documentation, architecture diagrams, test results, benchmark claims, validation-sprint materials, dashboards, datasets, model cards, system cards, security documents, compliance materials, deployment observations, field reports, incident reports, service records, product claims, and technical representations.

8.3.7(c) Sponsor, donor, funder, host, or capital-reader sources may include funding reports, program narratives, impact claims, host context, site data, facility information, finance-facing materials, public authority access descriptions, project materials, public claims, event materials, and support-related materials.

8.3.7(d) Provider and sponsor source treatment shall include conflict review, influence review, financial-interest review, procurement-risk review, market-advantage review, publication-influence review, method-influence review, data-selection review, benchmark-design review, omission review, public-claims review, and dependency review.

8.3.7(e) Provider or sponsor sources shall not be rejected solely because they are provider-supplied or sponsor-supplied, but they shall not be treated as independent, neutral, complete, authoritative, public authority-approved, finance-ready, certified, recognized, or procurement-relevant without appropriate records, corroboration where needed, conflicts treatment, limitations, and boundary language.

8.3.7(f) Provider benchmarks, sponsor impact claims, host readiness claims, vendor performance claims, implementation claims, technical maturity claims, finance-facing claims, or public authority access claims shall be compared against independent sources where feasible and shall preserve limitations where independent comparison is unavailable.

8.3.7(g) Where provider or sponsor source treatment reveals influence risk, outcome purchase risk, provider preference risk, sponsor control risk, public authority access purchase risk, finance overclaim, procurement implication, benchmark manipulation, selective disclosure, or public claim overreach, GCRI Canada shall route the source or affected output to restriction, conflict disclosure, additional review, correction, reclassification, withdrawal, retraction, interface revision, or refusal as appropriate.

8.3.7(h) The controlling rule shall be that provider and sponsor sources may inform evidence, but they must never buy, steer, suppress, certify, recognize, finance, or execute institutional truth.

***

8.3.8 Comparison of Raw Data, Processed Data, Model Outputs, Expert Judgments, Public Records, Field Observations, and Historical Records.\
8.3.8(a) Source Comparison Logic shall distinguish raw data, processed data, derived data, model outputs, AI outputs, expert judgments, public records, field observations, operator observations, community observations, laboratory outputs, public authority records, provider records, sponsor records, media records, and historical records.

8.3.8(b) Raw data shall be compared with attention to source, collection method, calibration, completeness, timestamp, location, custody, permissions, data class, quality, missingness, corruption, and transformation requirements.

8.3.8(c) Processed or derived data shall be compared with attention to transformation method, aggregation method, cleaning method, filtering method, normalization, deduplication, inference, exclusions, assumptions, software or model dependency, version, and reproducibility.

8.3.8(d) Model outputs and AI outputs shall be compared with attention to model identity, training or retrieval context, dataset dependencies, input conditions, inference records, human review where material, limitations, bias, drift, hallucination, confidence treatment, uncertainty treatment, and public-safe status.

8.3.8(e) Expert judgments shall be compared with attention to expertise, scope, independence, assumptions, method, discipline, conflicts, professional boundary, evidence basis, limitations, and whether the judgment is an individual view, institutional view, regulated professional opinion, or public authority determination.

8.3.8(f) Public records shall be compared with attention to issuing authority, legal status, publication status, date, jurisdiction, scope, official or non-official character, supersession, amendment, withdrawal, public-safe limits, and relevance to the evidence question.

8.3.8(g) Field observations shall be compared with attention to observer identity where safe, role, location, timing, conditions, method of observation, recording method, chain of custody, safety context, community context, public authority context, source protection, and corroboration where appropriate.

8.3.8(h) Historical records shall be compared with attention to date, origin, purpose, archive status, continuity, historical context, prior terminology, jurisdictional context, source bias, missing records, subsequent correction, supersession, and changed present conditions.

8.3.8(i) No source type shall be allowed to dominate comparison solely because it is quantitative, qualitative, official, technical, automated, historical, expert, public, confidential, visually persuasive, or easier to process. Weight shall depend on the evidence question, source lineage, method, context, confidence, uncertainty, limitations, permissions, and public-safe status.

8.3.8(j) The controlling rule shall be that different source forms may illuminate different parts of truth, but comparison must preserve their differences rather than collapse them into a single unsupported score.

***

8.3.9 Source Comparison Under Missing, Stale, Conflicting, Spoofed, Corrupted, Incomplete, or Contested Conditions.\
8.3.9(a) Source Comparison Logic shall include specific treatment for missing, stale, conflicting, spoofed, corrupted, incomplete, or contested source conditions.

8.3.9(b) Missing source conditions shall be recorded where expected sources are absent, inaccessible, unavailable, withheld, not collected, lost, deleted, restricted, unlawfully unavailable, public-safe unavailable, or not yet produced. Missingness shall not be silently treated as absence of risk, absence of event, absence of harm, absence of defect, or absence of evidence.

8.3.9(c) Stale source conditions shall be recorded where sources are outdated, superseded, time-limited, context-changed, no longer maintained, no longer representative, no longer authorized, no longer public-safe, or inconsistent with current conditions.

8.3.9(d) Conflicting source conditions shall be recorded where sources materially disagree, use inconsistent definitions, apply different methods, measure different periods, reflect different jurisdictions, include different populations, encode different assumptions, or produce incompatible conclusions.

8.3.9(e) Spoofed source conditions shall be recorded where signals, records, identities, locations, device outputs, telemetry, AI outputs, DePIN records, blockchain entries, public claims, documents, images, videos, media, or source credentials are suspected or confirmed to be falsified, impersonated, manipulated, fabricated, replayed, adversarially generated, or fraudulently presented.

8.3.9(f) Corrupted source conditions shall be recorded where data, records, logs, files, models, repositories, dashboards, maps, sensors, devices, software, metadata, custody records, or outputs are damaged, compromised, altered, incomplete, mislinked, malformed, insecure, or unreliable.

8.3.9(g) Incomplete source conditions shall be recorded where sources contain partial coverage, missing fields, redactions, omitted context, excluded populations, inaccessible annexes, low resolution, insufficient sampling, limited time windows, limited geography, incomplete chain of custody, or unsupported conclusions.

8.3.9(h) Contested source conditions shall be recorded where affected persons, communities, Indigenous or local knowledge holders, public authorities, providers, sponsors, hosts, universities, technical reviewers, safeguards reviewers, or other credible challengers dispute source meaning, authority, accuracy, permission, context, public-safe treatment, or use.

8.3.9(i) Where any condition under this section materially affects evidence quality, confidence, uncertainty, public-safe status, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, Nexus interface meaning, or public claims, GCRI Canada shall route the matter to review, reclassification, correction, downgrade, restriction, supersession, withdrawal, retraction, dispute handling, incident handling, or public-safe clarification as appropriate.

8.3.9(j) The controlling rule shall be that adverse source conditions must be surfaced, not smoothed away, because missingness, staleness, conflict, spoofing, corruption, incompleteness, and contestation are themselves evidence conditions.

***

8.3.10 Source Comparison Records, Reviewer Records, Method Records, and Correction Paths.\
8.3.10(a) GCRI Canada shall maintain, or cause to be maintained, source comparison records for material source comparisons conducted within or in support of the Nexus Truth Engine.

8.3.10(b) Source comparison records shall identify the comparison title or identifier, evidence question, source records compared, source types, source lineage, provenance, custody, permissions, classification, public-safe status, technology domain, risk domain, jurisdictional context, community context where applicable, public authority context where applicable, method used, reviewer, review status, comparison date, version, confidence treatment, uncertainty treatment, limitations, conflicts, missing sources, stale sources, contested sources, source-independence treatment, source-reliability treatment, source-bias treatment, source-completeness treatment, permitted use, prohibited use, dependency links, correction path, supersession path, withdrawal path, and archive path.

8.3.10(c) Reviewer records shall identify the reviewer role, authority, competence, conflict status, access authority, review scope, review method, dissent where any, limitation where any, approval where any, and escalation pathway where the comparison raises material risk.

8.3.10(d) Method records shall identify the source comparison method, method version, scope, assumptions, exclusions, evidence categories supported, technology domains supported, public-safe status, limitations, dependency on AI or models where any, dependency on datasets where any, required human review, and correction path.

8.3.10(e) Source comparison records shall be linked, where applicable, to the Evidence Register, Method Register, Dataset Register, Model Register, Observability Register, Ontology and Controlled Vocabulary Register, Evidence Pack Register, Decision Pack Register, Publication and Public-Safe Output Register, Correction Register, Dependency Register, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, Nexus interface records, and public claims records.

8.3.10(f) Where a source comparison is corrected, challenged, reclassified, confidence-changed, uncertainty-changed, restricted, superseded, withdrawn, retracted, downgraded, suspended, reinstated, retired, or archived, affected downstream records and outputs shall be reviewed.

8.3.10(g) Source comparison records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.3.10(h) The controlling rule shall be that source comparison must be recorded because unrecorded comparison cannot be reviewed, challenged, corrected, or safely relied upon as evidence support.

### 8.4 Corroboration, Contradiction, and Dispute Handling

8.4.1 Corroboration as Method-Based Agreement Across Sources, Not Automatic Truth.\
8.4.1(a) GCRI Canada shall treat corroboration as method-based agreement, alignment, reinforcement, or consistency across sources, not as automatic truth, final truth, official truth, public authority truth, recognition, finance-readiness, certification, rating, procurement approval, provider endorsement, sponsor approval, protocol effect, public warning, emergency command, or execution consequence.

8.4.1(b) Corroboration shall require source comparison, source-lineage review, method review, confidence treatment, uncertainty treatment, limitation treatment, classification review, permission review, public-safe review, and dependency review proportionate to the evidence question and risk.

8.4.1(c) Corroboration may arise from independent sources, partially independent sources, methodologically distinct sources, cross-domain sources, repeated measurements, reference sensors, calibrated instruments, public records, field observations, community inputs, public authority context, university or laboratory outputs, provider records, sponsor records, geospatial layers, cyber logs, AI-RAN signals, DePIN records, digital twins, models, or historical records, provided that their relationship, independence, limits, and permitted meanings are recorded.

8.4.1(d) Corroboration shall be distinguished from repetition, duplication, shared-source amplification, dashboard replication, media circulation, sponsor narrative, provider claim repetition, public authority attendance, AI-generated restatement, blockchain anchoring, proof receipt, or multiple outputs derived from the same underlying source.

8.4.1(e) Corroboration may support increased confidence only where the corroborating sources are sufficiently independent, reliable, timely, permissioned, complete, contextually relevant, methodologically compatible, and public-safe for the recorded use.

8.4.1(f) Corroboration shall not erase uncertainty, limitations, conflicting evidence, missing evidence, stale evidence, community challenge, public authority challenge, protected knowledge restrictions, privacy limits, cybersecurity limits, sovereign data limits, finance-boundary limits, provider conflict, sponsor conflict, or downstream dependency concerns.

8.4.1(g) Corroboration outputs shall be recorded where material and shall identify the sources compared, method used, degree of agreement, degree of independence, confidence effect, uncertainty effect, limitations, public-safe status, permitted use, prohibited use, and correction path.

8.4.1(h) The controlling rule shall be that corroboration strengthens evidence only to the extent the method, sources, context, confidence, uncertainty, and records justify that strengthening.

***

8.4.2 Contradiction as Evidence Event Requiring Review.\
8.4.2(a) GCRI Canada shall treat contradiction among material sources, records, outputs, methods, dashboards, maps, models, public authority inputs, community inputs, provider inputs, sponsor inputs, or Nexus interface records as an evidence event requiring review.

8.4.2(b) Contradiction shall include direct factual inconsistency, incompatible measurements, inconsistent timestamps, inconsistent locations, inconsistent source lineage, conflicting method results, conflicting model outputs, inconsistent public authority context, inconsistent community context, inconsistent provider claims, inconsistent sponsor claims, inconsistent benchmark results, inconsistent geospatial layers, inconsistent cyber logs, inconsistent sensor readings, inconsistent AI-RAN signals, inconsistent DePIN records, inconsistent dashboard states, or inconsistent public-safe claims.

8.4.2(c) Contradiction shall not be resolved by title, hierarchy, institutional prestige, official proximity, sponsor influence, provider prominence, media visibility, technical sophistication, AI confidence, dashboard appearance, proof receipt, or the number of repeated claims.

8.4.2(d) Contradiction review shall identify the affected evidence question, sources in conflict, source lineage, methods used, collection time, location or safe location treatment, evidence class, data class, confidence, uncertainty, limitations, classification, public-safe status, review status, permissions, possible causes, affected dependencies, and required correction path.

8.4.2(e) Possible causes of contradiction may include source error, data error, method error, calibration difference, timing difference, geographic mismatch, jurisdictional context, semantic mismatch, translation error, model drift, AI hallucination, sensor spoofing, cyber compromise, incomplete evidence, stale evidence, public authority capacity difference, community context difference, provider conflict, sponsor interest, or public claim overreach.

8.4.2(f) Where contradiction affects public-safe outputs, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority support, Docket records, Grid records, Observatory outputs, Truth Engine outputs, Rails handoffs, dashboards, maps, technical baselines, provider materials, sponsor materials, host materials, community-facing materials, or public claims, GCRI Canada shall evaluate whether hold, restriction, correction, qualification, downgrade, supersession, withdrawal, retraction, or notice is required.

8.4.2(g) A contradiction may remain unresolved where the record does not support resolution. In such case, GCRI Canada shall preserve the contradiction, state limitations where appropriate, prevent overclaim, and maintain a correction path.

8.4.2(h) The controlling rule shall be that contradiction is not institutional inconvenience; it is evidence requiring disciplined review and transparent treatment.

***

8.4.3 Disputed Evidence Handling.\
8.4.3(a) GCRI Canada shall maintain disputed evidence handling for evidence records, datasets, models, methods, observability outputs, Evidence Packs, Decision Packs, dashboards, maps, public-safe outputs, technical baselines, public-good software outputs, Docket records, Grid records, Truth Engine outputs, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, interface records, and public claims.

8.4.3(b) Evidence may be treated as disputed where its accuracy, source lineage, provenance, custody, permission, lawful basis, context, method, confidence, uncertainty, classification, public-safe status, interpretation, boundary meaning, dependency, or downstream use is challenged by a credible source or affected actor.

8.4.3(c) Dispute handling shall identify the disputed record, challenger where appropriate and safe, nature of dispute, basis for dispute, affected sources, affected methods, affected confidence, affected uncertainty, affected classification, affected public-safe status, affected permissions, affected boundaries, affected dependencies, reviewer, review pathway, interim status, and correction path.

8.4.3(d) Disputed evidence may be marked, restricted, held, downgraded, qualified, reclassified, separated from public-safe outputs, removed from dashboards, removed from maps, withheld from finance-facing materials, withheld from public authority materials, withheld from GRF inputs, withheld from GRA inputs, withheld from Protocol Authority support, or prevented from public claim use pending review where risk requires.

8.4.3(e) Disputed status shall not imply that evidence is false. It shall mean that the evidence requires review, limitation, qualification, or correction before it may be relied upon or communicated beyond recorded boundaries.

8.4.3(f) Disputed evidence shall not be used to create or imply certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.4.3(g) Dispute handling shall preserve confidentiality, source protection, protected participation, community safeguards, Indigenous and protected knowledge safeguards, privacy, cybersecurity, sovereign data, public authority restrictions, finance-safe treatment, provider neutrality, sponsor non-control, and public-safe publication.

8.4.3(h) The controlling rule shall be that disputed evidence remains part of the record but must be marked, bounded, reviewed, and corrected or resolved through a records-valid pathway.

***

8.4.4 Conflicting Source Handling.\
8.4.4(a) GCRI Canada shall maintain conflicting source handling for sources that materially disagree, diverge, contradict, measure different conditions, use different assumptions, apply different definitions, reflect different jurisdictions, encode different methods, or represent different public authority, community, provider, sponsor, technical, historical, or model contexts.

8.4.4(b) Conflicting source handling shall classify the conflict as factual, methodological, temporal, geographic, semantic, jurisdictional, evidentiary, public authority-related, community-related, protected knowledge-related, model-related, AI-related, sensor-related, cyber-related, provider-related, sponsor-related, finance-facing, public-safe, or boundary-related where material.

8.4.4(c) Conflicting sources shall be compared through source independence, source reliability, source timeliness, source permission, source bias, source completeness, source context, method, confidence, uncertainty, limitations, and public-safe status.

8.4.4(d) Where sources conflict because they describe different contexts, GCRI Canada shall not force artificial reconciliation. It shall preserve context and record whether the conflict is real, apparent, unresolved, context-dependent, terminology-dependent, time-dependent, geography-dependent, method-dependent, or authority-dependent.

8.4.4(e) Where sources conflict because of controlled vocabulary mismatch, translation mismatch, localization mismatch, schema mismatch, data dictionary mismatch, or AI-readable structure mismatch, GCRI Canada shall route the matter to ontology or controlled vocabulary review.

8.4.4(f) Where conflicting sources affect public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, protected knowledge treatment, Nexus interface meaning, or public claims, GCRI Canada shall apply heightened boundary review before further use.

8.4.4(g) Conflicting source handling may result in confirming one source, qualifying multiple sources, downgrading confidence, segmenting contexts, reclassifying evidence, suspending use, triggering additional evidence collection, correcting records, superseding records, withdrawing outputs, retracting public claims, or archiving unresolved disputes.

8.4.4(h) The controlling rule shall be that conflict must be governed as evidence, not hidden as noise or prematurely resolved for narrative convenience.

***

8.4.5 Missing Evidence Handling.\
8.4.5(a) GCRI Canada shall maintain missing evidence handling for cases where expected, material, required, or useful evidence is absent, inaccessible, uncollected, withheld, deleted, restricted, delayed, not yet available, not permissioned, not public-safe, not capable of verification, or not fit for use.

8.4.5(b) Missing evidence shall be recorded where its absence materially affects confidence, uncertainty, completeness, fitness for purpose, public-safe status, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, Nexus interface meaning, or public claims.

8.4.5(c) Missing evidence shall not be treated as proof that no risk, harm, event, defect, vulnerability, capability, condition, conflict, community concern, public authority concern, provider issue, sponsor influence, or system failure exists.

8.4.5(d) Missing evidence handling shall identify the expected evidence, reason for missingness where known, source or custodian where known, access restriction, permission issue, public-safe issue, privacy issue, cybersecurity issue, sovereign data issue, protected knowledge issue, community safeguard issue, public authority restriction, collection feasibility, substitute evidence where any, limitation effect, confidence effect, uncertainty effect, and correction or follow-up path.

8.4.5(e) Where missing evidence is caused by rights-based refusal, community non-consent, Indigenous or protected knowledge restrictions, public authority restrictions, lawful confidentiality, privacy limits, cybersecurity limits, sovereign data restrictions, or safety concerns, GCRI Canada shall treat such missingness as a governed constraint, not a defect to be bypassed.

8.4.5(f) Where missing evidence materially affects an output, GCRI Canada shall consider whether to qualify, restrict, downgrade, delay, suspend, withdraw, or withhold the output rather than permit unsupported certainty.

8.4.5(g) Missing evidence status shall be updated where evidence later becomes available, becomes unavailable, is corrected, is restricted, is rejected, or is determined no longer material.

8.4.5(h) The controlling rule shall be that missing evidence must be visible in the record because hidden missingness creates false confidence.

***

8.4.6 Stale Evidence Handling.\
8.4.6(a) GCRI Canada shall maintain stale evidence handling for evidence whose time-bound validity, source context, method context, public-safe status, permission status, confidence, uncertainty, limitation, classification, or downstream use may no longer be current.

8.4.6(b) Evidence may be stale where it has been superseded, time-limited, context-changed, event-changed, jurisdiction-changed, community-context changed, technology-changed, model-drifted, sensor-drifted, policy-changed, public authority-changed, provider-changed, sponsor-changed, data-permission changed, public-safe status changed, or no longer maintained.

8.4.6(c) Stale evidence handling shall identify the evidence record, date of creation, date of review, time sensitivity, source update frequency, method update frequency, public-safe review date, status, supersession status, withdrawal status, retraction status, archive status, downstream dependencies, and required refresh or retirement path.

8.4.6(d) Stale evidence shall not be used as current evidence merely because it is publicly available, widely cited, technically sophisticated, convenient, incorporated in a dashboard, embedded in software, included in a prior Evidence Pack, referenced by a public authority, relied upon by a sponsor, used by a provider, or repeated in Nexus materials.

8.4.6(e) Where stale evidence affects public-safe outputs, dashboards, maps, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority support, Docket records, Grid records, Observatory outputs, Truth Engine outputs, Rails handoffs, provider materials, sponsor materials, host materials, community-facing materials, or public claims, GCRI Canada shall determine whether correction, qualification, downgrade, supersession, withdrawal, retraction, or notice is required.

8.4.6(f) Time-sensitive evidence shall carry review cadence, expiry, refresh trigger, or use-by limitation where appropriate.

8.4.6(g) Stale evidence handling shall preserve historical value where appropriate while preventing historical evidence from being misrepresented as current evidence.

8.4.6(h) The controlling rule shall be that evidence can be true in history and unsafe in present use unless its currency is recorded and reviewed.

***

8.4.7 Spoofed, Tampered, Failed, Synthetic, Adversarial, or Manipulated Signal Handling.\
8.4.7(a) GCRI Canada shall maintain handling methods for spoofed, tampered, failed, synthetic, adversarial, or manipulated signals affecting sensors, reference sensors, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, geospatial data, Earth observation data, satellite data, digital twin outputs, model outputs, AI outputs, dashboard states, map layers, blockchain entries, proof receipts, smart-contract logs, documents, images, videos, audio, public claims, or source credentials.

8.4.7(b) Spoofed signal handling shall apply where signal identity, device identity, source identity, location, timestamp, telemetry, provenance, custody, proof record, or asserted condition is suspected or confirmed to be falsified, replayed, impersonated, fabricated, adversarially generated, or fraudulently presented.

8.4.7(c) Tampered signal handling shall apply where records, devices, files, logs, metadata, repositories, dashboards, maps, models, datasets, evidence packs, technical baselines, or outputs are suspected or confirmed to have been altered, modified, corrupted, injected, suppressed, selectively edited, or manipulated without proper authority.

8.4.7(d) Failed signal handling shall apply where sensors, systems, models, dashboards, maps, pipelines, data feeds, compute environments, communication systems, repositories, APIs, or evidence processes have failed, degraded, lost integrity, lost availability, lost calibration, lost synchronization, or become unreliable.

8.4.7(e) Synthetic or adversarial signal handling shall apply where AI-generated content, synthetic media, deepfakes, generated documents, fabricated telemetry, adversarial examples, prompt-injected outputs, synthetic datasets, simulated outputs, or model-generated artifacts may be mistaken for real-world evidence without proper treatment.

8.4.7(f) Manipulated signal handling shall include review of signal origin, custody, access logs, cryptographic records where any, device records, model records, dataset records, pipeline records, cyber indicators, anomaly indicators, corroborating sources, conflict sources, public-safe implications, and incident response requirements.

8.4.7(g) Where spoofed, tampered, failed, synthetic, adversarial, or manipulated signals materially affect evidence quality, public-safe outputs, dashboards, maps, public authority materials, finance-facing materials, provider materials, sponsor materials, GRF inputs, GRA inputs, Protocol Authority support, Nexus interface records, or public claims, GCRI Canada shall hold, restrict, flag, downgrade, correct, supersede, withdraw, retract, quarantine, route to cyber or technical review, or notify affected dependencies as appropriate.

8.4.7(h) GCRI Canada shall not publicly disclose technical details of spoofing, tampering, adversarial manipulation, cyber compromise, infrastructure vulnerability, or exploitability where disclosure would create security risk, public safety risk, protected knowledge risk, community harm, or unlawful exposure.

8.4.7(i) The controlling rule shall be that manipulated signals are not merely bad data; they are integrity events requiring evidence, cyber, public-safe, and correction treatment.

***

8.4.8 Community or Public Authority Challenge Handling.\
8.4.8(a) GCRI Canada shall maintain challenge handling for community challenges and public authority challenges affecting evidence records, source treatment, methods, confidence, uncertainty, public-safe status, dashboard outputs, map outputs, Truth Engine outputs, Observatory outputs, Evidence Packs, Decision Packs, public-safe reports, public authority materials, community-facing materials, GRF inputs, GRA inputs, Protocol Authority support, Nexus interface records, or public claims.

8.4.8(b) Community challenge may include challenge by affected persons, local participants, community representatives, Indigenous institutions, Indigenous or local knowledge holders, protected knowledge holders, civil society actors, vulnerable community representatives, hosts, residents, workers, field participants, or other affected actors.

8.4.8(c) Public authority challenge may include challenge by public authorities, public officials acting in appropriate capacity, regulators, emergency-management actors, public health actors, public finance actors, procurement actors, infrastructure actors, public-sector data custodians, or other competent public bodies.

8.4.8(d) Community or public authority challenges shall be received, classified, recorded, protected where necessary, and reviewed through an appropriate pathway that respects confidentiality, authority, public-safe status, lawful restrictions, cultural context, Indigenous protocol where applicable, public authority capacity, and conflict-of-interest controls.

8.4.8(e) GCRI Canada shall not dismiss community challenge merely because it is qualitative, local, non-technical, non-institutional, inconvenient, politically sensitive, contrary to sponsor narratives, contrary to provider claims, contrary to public-facing materials, or difficult to reconcile with machine-generated sources.

8.4.8(f) GCRI Canada shall not treat public authority challenge as automatic public authority decision, official guidance, regulatory order, procurement instruction, public warning, emergency command, funding approval, public finance position, or sovereign obligation unless the public authority has separately acted through its own lawful process and record.

8.4.8(g) Where a community or public authority challenge has merit or cannot safely be dismissed, GCRI Canada shall consider qualification, correction, reclassification, public-safe revision, restriction, downgrade, supersession, withdrawal, retraction, controlled notice, public-safe notice, additional evidence review, safeguards review, public authority reference review, or board escalation as appropriate.

8.4.8(h) The controlling rule shall be that community and public authority challenges are evidence-governance events that must be heard without converting challenge into either automatic override or automatic authority.

***

8.4.9 Provider, Sponsor, Host, or Capital-Reader Challenge Handling.\
8.4.9(a) GCRI Canada shall maintain challenge handling for provider, sponsor, host, donor, funder, capital-reader, vendor, contractor, National Company, Project SPV, or other enterprise-stack challenges affecting evidence records, methods, benchmarks, source treatment, confidence, uncertainty, public-safe status, provider references, sponsor references, host references, finance-facing materials, dashboards, maps, technical baselines, Evidence Packs, Decision Packs, Truth Engine outputs, Observatory outputs, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, Nexus interface records, or public claims.

8.4.9(b) Provider, sponsor, host, or capital-reader challenges shall be received and recorded where credible, but shall be reviewed through conflict, influence, boundary, competition, finance, public-safe, and correction controls proportionate to the challenge and relationship.

8.4.9(c) GCRI Canada shall not ignore a provider, sponsor, host, or capital-reader challenge merely because the challenger has an interest. Interested challengers may identify real defects, missing context, technical errors, method errors, data errors, public-safe issues, confidentiality issues, IP issues, or boundary risks.

8.4.9(d) GCRI Canada shall not accept a provider, sponsor, host, or capital-reader challenge merely because the challenger funds, supports, hosts, supplies, integrates, demonstrates, maintains, operates, invests in, evaluates, or is affected by the relevant activity.

8.4.9(e) Provider challenges shall be reviewed for technical merit, evidence basis, benchmark context, source lineage, method scope, provider-interest effects, procurement implication, certification implication, recognition implication, provider-neutrality risk, market-allocation risk, and public-claims risk.

8.4.9(f) Sponsor, donor, or funder challenges shall be reviewed for evidence merit, public-benefit merit, conflict, influence, outcome-purchase risk, publication-suppression risk, sponsor-control risk, public authority access purchase risk, recognition-purchase risk, finance-readiness-purchase risk, certification-purchase risk, and public-claims risk.

8.4.9(g) Host challenges shall be reviewed for evidence merit, site context, data authority, community context, public authority context, operational sensitivity, public-safe status, privacy, cybersecurity, sovereign data, infrastructure sensitivity, public claims, and support-without-control boundaries.

8.4.9(h) Capital-reader challenges shall be reviewed for evidence merit, finance-boundary risk, reliance risk, rating-like interpretation, investment-advice risk, public finance implication, guarantee implication, insurance implication, securities implication, and public-claims risk.

8.4.9(i) Where a provider, sponsor, host, or capital-reader challenge has merit or cannot safely be dismissed, GCRI Canada shall consider qualification, correction, reclassification, restriction, downgrade, supersession, withdrawal, retraction, public-safe revision, controlled notice, interface revision, conflict disclosure, or board escalation as appropriate.

8.4.9(j) The controlling rule shall be that interested challenges may improve evidence but shall never purchase, suppress, steer, certify, finance, endorse, or execute truth.

***

8.4.10 Escalation Pathways for High-Consequence Disputes.\
8.4.10(a) GCRI Canada shall maintain escalation pathways for high-consequence disputes affecting evidence integrity, public-safe status, public authority interpretation, finance-facing interpretation, provider neutrality, sponsor non-control, community safeguards, Indigenous or protected knowledge, privacy, cybersecurity, sovereign data, controlled technology, public claims, GRF inputs, GRA inputs, Protocol Authority support, Nexus interface records, National Company interfaces, Project SPV interfaces, or downstream dependency.

8.4.10(b) A dispute shall be high-consequence where it may materially affect public safety, rights-bearing data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign-sensitive data, public authority materials, finance-facing materials, public claims, community harm, protected knowledge exposure, Indigenous or local knowledge misuse, public warning confusion, emergency-command confusion, procurement implication, certification implication, recognition implication, finance-readiness implication, provider preference, sponsor control, market consequence, legal compliance, or institutional trust.

8.4.10(c) Escalation pathways may include evidence steward review, method steward review, data steward review, public-safe publication review, privacy review, cybersecurity review, AI review, sovereign data review, safeguards review, Indigenous or protected knowledge review, public authority boundary review, finance boundary review, competition review, legal review, interface review, committee review, officer escalation, board escalation, or external expert review where appropriate.

8.4.10(d) High-consequence disputes may require interim controls including hold, stop-the-line action, quarantine, access restriction, dashboard suspension, map suspension, publication hold, public-claim freeze, finance-facing hold, public authority-facing hold, GRF input hold, GRA input hold, Protocol Authority support hold, interface suspension, provider-reference hold, sponsor-reference hold, or downstream dependency notice.

8.4.10(e) Escalation shall identify responsible actor, authority, interim status, review question, evidence affected, method affected, data affected, output affected, public-safe status, boundary risks, required reviewers, timeline, notice decision, and closeout condition.

8.4.10(f) Where urgent public safety, cybersecurity, privacy, protected knowledge, public authority, or legal risk exists, GCRI Canada may apply immediate protective measures before completing full review, provided that such measures are recorded, proportionate, temporary where appropriate, and subject to follow-up review.

8.4.10(g) Escalation shall not convert GCRI Canada into an emergency commander, public warning authority, public authority, regulator, financial actor, certifier, provider selector, sponsor controller, Protocol Authority, GRF, GRA, National Company, Project SPV, or execution actor.

8.4.10(h) The controlling rule shall be that high-consequence disputes must be escalated early enough to prevent evidence defects from becoming public harm, authority confusion, finance overclaim, provider preference, sponsor control, or execution drift.

***

8.4.11 Dispute Outcomes: Confirm, Qualify, Downgrade, Suspend, Correct, Supersede, Withdraw, Retract, Reclassify, or Archive.\
8.4.11(a) Dispute outcomes may include confirmation, qualification, downgrade, suspension, correction, supersession, withdrawal, retraction, reclassification, restriction, reinstatement, retirement, archive, additional review, continued monitoring, or no-change determination with recorded reasons.

8.4.11(b) Confirmation may be used where the challenged evidence, method, output, classification, confidence, uncertainty, or public-safe status remains supported after review, provided that confirmation does not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.4.11(c) Qualification may be used where evidence remains useful only with revised limitation, audience, confidence, uncertainty, public-safe status, permitted use, prohibited use, boundary language, or dependency warning.

8.4.11(d) Downgrade may be used where evidence quality, confidence, public-safe status, maturity-context meaning, readiness-context meaning, method reliability, dashboard meaning, map meaning, claim strength, or permitted use must be reduced.

8.4.11(e) Suspension may be used where use must be temporarily held pending review, challenge, investigation, correction, public-safe review, legal review, privacy review, cybersecurity review, sovereign data review, safeguards review, public authority boundary review, finance boundary review, competition review, or interface review.

8.4.11(f) Correction may be used where a record, method, output, claim, classification, confidence statement, uncertainty statement, limitation, attribution, boundary language, dashboard, map, publication, interface, or dependency is inaccurate, incomplete, misleading, stale, misclassified, overclaimed, unsafe, or no longer fit for purpose.

8.4.11(g) Supersession may be used where a new version replaces a prior version while preserving prior identity, version history, correction history, status history, dependency links, access restrictions, and archive treatment.

8.4.11(h) Withdrawal may be used where a record or output cannot safely or lawfully remain in active use, lacks authority, lacks permission, exposes restricted material, mishandles protected knowledge, creates public authority confusion, creates finance overclaim, creates procurement implication, creates provider preference, creates sponsor control, creates community harm, or cannot be corrected in place.

8.4.11(i) Retraction may be used where a public or material claim was materially wrong, unsupported, unsafe, authority-inflating, finance-inflating, procurement-inflating, provider-preferential, sponsor-controlled, privacy-invasive, security-sensitive, community-harming, protected-knowledge-infringing, or inconsistent with GCRI Canada’s public-benefit duties.

8.4.11(j) Reclassification may be used where evidence, data, methods, outputs, dashboards, maps, Evidence Packs, Decision Packs, public-safe materials, public authority materials, finance-facing materials, provider materials, sponsor materials, community-facing materials, or interface records require changed access, handling, public-safe, finance-safe, public authority-facing, provider-facing, sponsor-facing, protected knowledge, or archive status.

8.4.11(k) Archive may be used to preserve identity, history, challenge, review, correction, status, dependency, and closure while preventing active use beyond recorded limits.

8.4.11(l) The controlling rule shall be that dispute outcomes must repair the record, protect affected dependencies, preserve institutional memory, and prevent continued use beyond what the reviewed evidence supports.

***

8.4.12 Corroboration, Contradiction, Dispute, and Challenge Records.\
8.4.12(a) GCRI Canada shall maintain, or cause to be maintained, corroboration, contradiction, dispute, and challenge records for material corroboration reviews, contradiction reviews, disputed evidence reviews, conflicting source reviews, missing evidence reviews, stale evidence reviews, manipulated signal reviews, community challenges, public authority challenges, provider challenges, sponsor challenges, host challenges, capital-reader challenges, and high-consequence dispute escalations.

8.4.12(b) Corroboration records shall identify the evidence question, sources compared, method used, degree of agreement, degree of independence, source reliability, source timeliness, source permission, source bias, source completeness, confidence effect, uncertainty effect, limitation effect, reviewer, review status, permitted use, prohibited use, dependency links, and correction path.

8.4.12(c) Contradiction records shall identify the sources or outputs in conflict, nature of contradiction, conflict type, possible causes, evidence affected, methods affected, confidence effect, uncertainty effect, public-safe effect, classification effect, affected dependencies, interim controls, reviewer, escalation pathway, and resolution status.

8.4.12(d) Dispute records shall identify the disputed record or output, challenger where appropriate and safe, challenge basis, challenge type, affected source, affected method, affected classification, affected public-safe status, affected confidence, affected uncertainty, affected boundary language, affected dependencies, review pathway, interim status, outcome, notice decision, and closeout requirements.

8.4.12(e) Challenge records shall preserve confidentiality, protected participation, source protection, public authority restrictions, community safeguards, Indigenous and protected knowledge safeguards, privacy, cybersecurity, sovereign data, finance-safe treatment, provider-neutrality treatment, sponsor non-control treatment, and public-safe publication treatment where applicable.

8.4.12(f) Records under this section shall be linked, where applicable, to the Evidence Register, Method Register, Dataset Register, Model Register, Observability Register, Ontology and Controlled Vocabulary Register, Evidence Pack Register, Decision Pack Register, Publication and Public-Safe Output Register, Correction Register, Dependency Register, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, Nexus interface records, provider records, sponsor records, host records, and public claims records.

8.4.12(g) Where a corroboration, contradiction, dispute, or challenge record results in confirmation, qualification, downgrade, suspension, correction, supersession, withdrawal, retraction, reclassification, reinstatement, retirement, or archive, affected downstream records and outputs shall be reviewed.

8.4.12(h) Corroboration, contradiction, dispute, and challenge records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.4.12(i) The controlling rule shall be that truth stewardship requires records of agreement, disagreement, dispute, and challenge because unrecorded conflict cannot be reviewed, corrected, or safely communicated.

### 8.5 Confidence Scoring and Confidence Governance

8.5.1 Confidence Scores as Evidence-Quality and Corroboration Signals.\
8.5.1(a) GCRI Canada may use confidence scores, confidence bands, confidence labels, confidence notes, confidence states, confidence indicators, confidence narratives, or equivalent confidence artifacts within the Nexus Truth Engine as evidence-quality and corroboration signals.

8.5.1(b) Confidence scores shall indicate, within a recorded method and context, the relative strength, quality, reliability, corroboration, completeness, timeliness, independence, reproducibility, review status, and limitation profile of evidence or evidence-related outputs.

8.5.1(c) Confidence scores may be applied to evidence records, source comparisons, corroboration outputs, contradiction reviews, dispute reviews, datasets, models, system cards, benchmark cards, observability records, dashboards, maps, Evidence Packs, Decision Packs, Truth Engine outputs, Observatory outputs, Docket inputs, Grid inputs, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority learning materials, technical publications, public-safe reports, controlled annexes, and public-safe summaries.

8.5.1(d) Confidence scoring shall not be used as a substitute for source lineage, provenance, custody, method documentation, evidence classification, public-safe classification, uncertainty treatment, limitation disclosure, access controls, boundary language, reviewer judgment, or correction path.

8.5.1(e) Confidence scores shall be contextual. A confidence score assigned for one purpose, audience, domain, jurisdiction, technology, source class, public-safe status, finance-facing status, public authority-facing status, or interface shall not be assumed to apply to another purpose, audience, domain, jurisdiction, technology, status, or interface without review.

8.5.1(f) Confidence scores may increase, decrease, be qualified, be suspended, be withdrawn, be superseded, or be reissued as source records, methods, data, models, evidence classes, public-safe classifications, disputes, corrections, or downstream uses change.

8.5.1(g) Confidence scores shall be records-bound and shall carry or link to the evidence, source, method, context, assumptions, limitations, review status, public-safe status, permitted use, prohibited use, and correction path that give the score meaning.

8.5.1(h) The controlling rule shall be that confidence scores are structured evidence-quality signals, not free-standing truth, status, authority, approval, maturity, readiness, certification, or execution indicators.

***

8.5.2 Confidence Scores as Non-Rating, Non-Certification, Non-Public-Authority, Non-Finance, and Non-Execution Artifacts.\
8.5.2(a) Confidence scores shall be non-rating, non-certification, non-public-authority, non-finance, non-procurement, non-provider-endorsement, non-sponsor-approval, non-protocol-effect, non-public-warning, non-emergency-command, and non-execution artifacts.

8.5.2(b) No confidence score, confidence band, confidence label, dashboard color, map layer, risk indicator, resilience indicator, benchmark indicator, maturity-context signal, readiness-context signal, Truth Engine output, Observatory output, or Evidence Pack score shall create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.5.2(c) Confidence scores shall not be marketed, relied upon, displayed, exported, integrated, or summarized as credit ratings, investment ratings, insurance ratings, resilience ratings, project ratings, provider ratings, technology ratings, safety approvals, security approvals, compliance approvals, public authority findings, GRF recognition, GRA finance-readiness, Protocol Authority conformance, procurement rankings, or operational clearances.

8.5.2(d) Confidence scoring shall not convert GCRI Canada into a rating agency, investment adviser, securities actor, insurer, underwriter, lender, guarantor, public finance approver, public authority, regulator, certifier, procurement body, emergency commander, public warning authority, protocol authority, infrastructure operator, National Company, Project SPV, provider, or execution actor.

8.5.2(e) Where confidence scores are displayed in dashboards, maps, reports, public-safe outputs, public authority materials, finance-facing materials, provider-facing materials, sponsor-facing materials, Academy materials, public websites, repositories, APIs, or public claims, boundary language shall prevent score inflation into authority, rating, approval, finance-readiness, certification, recognition, procurement advantage, or execution readiness.

8.5.2(f) Where a third party uses or describes a confidence score as a rating, approval, certification, recognition, finance-readiness determination, public authority decision, procurement preference, provider endorsement, sponsor approval, guarantee, or execution clearance, GCRI Canada shall require correction, clarification, withdrawal, retraction, controlled notice, public-safe notice, interface suspension, or other remedy as appropriate.

8.5.2(g) Confidence scores may support evidence interpretation by competent actors, but any downstream authority, decision, reliance, financial consequence, public authority consequence, recognition consequence, protocol consequence, procurement consequence, or execution consequence shall arise only from the competent actor’s own lawful process and record.

8.5.2(h) The controlling rule shall be that confidence scoring makes evidence more transparent; it does not make GCRI Canada an authority over ratings, finance, public decisions, certification, procurement, protocol effect, or execution.

***

8.5.3 Confidence Method Documentation.\
8.5.3(a) GCRI Canada shall maintain, or cause to be maintained, documentation for material confidence scoring methods used in the Nexus Truth Engine.

8.5.3(b) Confidence method documentation shall identify the method title or identifier, purpose, scope, evidence classes covered, source classes covered, technology domains covered, risk domains covered, data classes covered, output types covered, intended audiences, excluded uses, owner, custodian, steward, version, effective date, status, assumptions, inputs, weights where any, scoring logic, threshold logic where any, qualitative judgment factors, human review requirements, AI-use status, model dependencies, dataset dependencies, calibration basis, validation basis, limitations, public-safe status, permitted use, prohibited use, correction path, supersession path, withdrawal path, and archive path.

8.5.3(c) Confidence method documentation shall state whether a confidence score is numeric, categorical, narrative, banded, ordinal, qualitative, hybrid, or contextual, and shall identify how score meaning changes across evidence classes, technology domains, audiences, public-safe status, controlled-room use, finance-facing use, public authority learning use, GRF input, GRA input, Protocol Authority support, technical publication, dashboard, map, Evidence Pack, or Decision Pack.

8.5.3(d) Confidence method documentation shall identify the relationship between confidence and uncertainty. A high confidence score shall not be used to erase material uncertainty, and a low confidence score shall not be used to imply falsity without record.

8.5.3(e) Confidence method documentation shall identify required downgrade factors, hold factors, dispute factors, exclusion factors, review triggers, public-safe release constraints, controlled-room constraints, finance-boundary constraints, public authority boundary constraints, provider-neutrality constraints, sponsor non-control constraints, and correction triggers.

8.5.3(f) Confidence method documentation shall be versioned and shall not be silently changed. Material method updates shall identify prior method, new method, reason for change, effective date, affected records, affected outputs, affected scores, downstream dependency review, correction path, and public-safe communication where required.

8.5.3(g) Where confidence scoring uses AI, statistical models, weighted scoring, automated classification, dashboard rules, benchmark rules, or retrieval systems, method documentation shall identify model governance, inference records where material, evaluation records, benchmark cards, system cards, bias risks, drift risks, hallucination risks, false precision risks, and human review requirements.

8.5.3(h) The controlling rule shall be that confidence scoring is not valid unless the method for producing, interpreting, updating, and correcting confidence is documented, versioned, bounded, and reviewable.

***

8.5.4 Confidence Inputs: Source Quality, Corroboration, Timeliness, Calibration, Completeness, Independence, Reproducibility, Review Status, and Context.\
8.5.4(a) Confidence scoring shall consider, where material, source quality, corroboration, timeliness, calibration, completeness, independence, reproducibility, review status, and context.

8.5.4(b) Source quality shall consider source lineage, provenance, custody, source authority, source reliability, source integrity, source transparency, source documentation, permissions, lawful basis, correction history, conflict status, public-safe status, and classification.

8.5.4(c) Corroboration shall consider whether evidence is supported by independent sources, partially independent sources, methodologically distinct sources, repeated measurements, reference sources, field observations, public records, community context, public authority context, university or laboratory outputs, technical sources, observability records, or other relevant sources, and whether such support is genuine rather than shared-source amplification.

8.5.4(d) Timeliness shall consider date of collection, date of review, update frequency, latency, stale status, supersession status, withdrawal status, retraction status, context change, technology change, public authority change, community context change, provider change, sponsor change, and continuing fitness for purpose.

8.5.4(e) Calibration shall consider instrument calibration, sensor calibration, model calibration, benchmark calibration, method calibration, evaluation conditions, environmental conditions, hardware conditions, software conditions, geospatial precision, clock integrity, location integrity, and known drift.

8.5.4(f) Completeness shall consider coverage of the relevant time, place, population, system, asset, event, hazard, technology, infrastructure, community, public authority context, provider context, sponsor context, evidence class, and evidence question, including missing data, missing sources, redactions, inaccessible annexes, and known blind spots.

8.5.4(g) Independence shall consider whether sources depend on common origin, common dataset, common model, common sensor, common provider platform, common sponsor material, common public authority feed, common field team, common repository, common method, common publication, or common AI-generated summary.

8.5.4(h) Reproducibility shall consider whether evidence or method outcomes can be replicated, re-run, rechecked, re-observed, independently reviewed, or otherwise verified within lawful, safe, privacy-preserving, cybersecurity-compatible, sovereign-data-compatible, and protected-knowledge-compatible limits.

8.5.4(i) Review status shall consider whether evidence has been unreviewed, internally reviewed, technically reviewed, public-safe reviewed, legal reviewed, safeguards reviewed, public authority boundary reviewed, finance boundary reviewed, peer reviewed, committee reviewed, board reviewed, or independently reviewed.

8.5.4(j) Context shall consider jurisdictional context, public authority context, community context, Indigenous or local knowledge context, protected knowledge context, technology domain, risk domain, stage truth, intended audience, permitted use, prohibited use, public-safe status, finance-facing status, provider-facing status, sponsor-facing status, and downstream dependency.

8.5.4(k) The controlling rule shall be that confidence must arise from traceable inputs, not from institutional intuition, technical elegance, public visibility, authority proximity, sponsor support, provider prominence, or narrative force.

***

8.5.5 Confidence Downgrades for Conflict, Staleness, Missing Data, Spoof Risk, Bias, Model Uncertainty, Sponsor Influence, Provider Influence, or Boundary Risk.\
8.5.5(a) GCRI Canada shall maintain downgrade rules for confidence scoring where conflict, staleness, missing data, spoof risk, tamper risk, corruption risk, bias, model uncertainty, AI uncertainty, sponsor influence, provider influence, host influence, capital-reader influence, public authority ambiguity, protected knowledge risk, community harm risk, privacy risk, cybersecurity risk, sovereign data risk, finance-boundary risk, public-safe risk, or other boundary risk materially affects evidence strength.

8.5.5(b) Conflict downgrade shall apply where sources materially disagree, methods conflict, public authority context differs, community context differs, provider claims diverge, sponsor claims diverge, benchmark outcomes conflict, observability signals conflict, model outputs conflict, or unresolved contradiction affects evidence meaning.

8.5.5(c) Staleness downgrade shall apply where evidence is outdated, superseded, time-limited, context-changed, method-changed, data-permission changed, technology-changed, public authority-changed, community-context changed, provider-changed, sponsor-changed, model-drifted, sensor-drifted, policy-changed, public-safe status changed, or no longer maintained.

8.5.5(d) Missing data downgrade shall apply where expected, material, required, or useful evidence is absent, inaccessible, restricted, withheld, uncollected, deleted, unavailable, not permissioned, not public-safe, incomplete, or unfit for use.

8.5.5(e) Spoof, tamper, synthetic, adversarial, failed-signal, or corruption downgrade shall apply where signals, records, devices, identities, locations, logs, dashboards, maps, models, datasets, repositories, proof receipts, blockchain records, DePIN records, AI outputs, images, videos, documents, or source credentials are suspected or confirmed to be manipulated, compromised, fabricated, replayed, corrupted, or unreliable.

8.5.5(f) Bias downgrade shall apply where source selection, data collection, sampling, method design, model training, dashboard design, public authority context, sponsor interest, provider interest, host interest, capital-reader interest, media framing, academic incentive, community exclusion, missing voices, or institutional incentive may materially affect evidence meaning.

8.5.5(g) Model uncertainty downgrade shall apply where outputs depend materially on AI, statistical models, simulations, digital twins, scenario engines, classification systems, retrieval systems, sensor fusion systems, or other models with unresolved assumptions, limitations, drift, hallucination risk, bias risk, calibration uncertainty, or incomplete validation.

8.5.5(h) Sponsor, provider, host, or capital-reader influence downgrade shall apply where support relationships, technical dependencies, funding, in-kind contributions, platform control, data access, benchmark design, publication timing, public authority access, finance-facing use, or public claim incentives create actual or perceived influence risk.

8.5.5(i) Boundary-risk downgrade shall apply where confidence scoring may be interpreted as public authority approval, finance-readiness, investment advice, certification, recognition, procurement preference, provider endorsement, sponsor approval, protocol effect, rating, guarantee, public warning, emergency command, or execution readiness.

8.5.5(j) A downgrade shall be recorded with the basis, affected score, prior status, new status, effective date, reviewer, method used, affected dependencies, and correction path.

8.5.5(k) The controlling rule shall be that confidence must be reduced, qualified, held, or restricted where evidence conditions make stronger confidence unsafe, unsupported, or boundary-inflating.

***

8.5.6 Confidence Updates and Confidence Change Logs.\
8.5.6(a) GCRI Canada shall maintain, or cause to be maintained, confidence updates and confidence change logs for material confidence scores, confidence bands, confidence labels, confidence indicators, confidence notes, and equivalent confidence artifacts.

8.5.6(b) Confidence updates shall be required where new evidence, corrected evidence, corrected source lineage, corrected data, corrected methods, corrected confidence inputs, corrected public-safe classification, corrected ontology, corrected model records, corrected observability records, additional corroboration, new contradiction, dispute, challenge, missing evidence, stale evidence, spoof risk, cyber risk, privacy risk, public authority risk, finance-boundary risk, provider influence, sponsor influence, or changed context materially affects confidence.

8.5.6(c) Confidence change logs shall identify the affected record or output, prior confidence status, new confidence status, reason for change, source of change, reviewer, approving actor where required, method used, date, effective date, evidence affected, methods affected, data affected, models affected, observability affected, public-safe effect, finance-safe effect where material, public authority effect where material, provider effect where material, sponsor effect where material, affected dependencies, notice decision, and correction path.

8.5.6(d) Confidence changes shall distinguish increase, decrease, qualification, suspension, reinstatement, correction, recalibration, reclassification, supersession, withdrawal, retraction, retirement, archive, and no-change determinations.

8.5.6(e) Confidence increases shall require adequate basis and shall not be made merely because evidence has become more visible, sponsor-supported, provider-promoted, public authority-attended, finance-facing, repeated in public materials, displayed in dashboards, or incorporated into Nexus interfaces.

8.5.6(f) Confidence decreases shall not be suppressed because reduction may affect reputation, sponsor comfort, provider comfort, public authority comfort, finance-facing usefulness, media narrative, project momentum, or public visibility.

8.5.6(g) Where confidence changes materially affect public-safe outputs, dashboards, maps, Evidence Packs, Decision Packs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, technical baselines, public-good software, Nexus interface records, or public claims, GCRI Canada shall review downstream dependencies and determine whether correction, reissue, notice, restriction, supersession, withdrawal, or retraction is required.

8.5.6(h) The controlling rule shall be that confidence must be capable of changing because evidence stewardship requires transparent adjustment when the record changes.

***

8.5.7 Confidence Thresholds for Public-Safe Release, Controlled-Room Release, GRF Input, GRA Input, Protocol Authority Input, Public Authority Learning, and Technical Publication.\
8.5.7(a) GCRI Canada may establish confidence thresholds, threshold bands, release criteria, review criteria, or readiness-for-use criteria for public-safe release, controlled-room release, GRF input, GRA input, Protocol Authority input, public authority learning, technical publication, dashboards, maps, Evidence Packs, Decision Packs, Academy materials, technical baselines, public-good software outputs, and other Truth Engine-supported outputs.

8.5.7(b) Confidence thresholds shall be method-documented, versioned, fit for purpose, proportionate to risk, audience-specific, classification-aware, public-safe aware, boundary-aware, and correctionable.

8.5.7(c) Public-safe release thresholds shall account for source quality, corroboration, confidence, uncertainty, limitations, public-safe classification, privacy, cybersecurity, sovereign data, protected knowledge, community safeguards, public authority boundaries, finance boundaries, provider neutrality, sponsor non-control, and risk of public overclaim.

8.5.7(d) Controlled-room release thresholds shall account for access authority, handling class, confidentiality, restricted evidence status, public authority restrictions, finance-sensitive status, cyber-sensitive status, infrastructure-sensitive status, rights-bearing data, protected knowledge, source protection, permitted use, prohibited use, and recipient obligations.

8.5.7(e) GRF input thresholds shall account for whether evidence is sufficient for recognition-supporting, standing-supporting, maturity-context, claims-discipline, Docket, Grid, or public-safe reporting input without being described as GRF recognition or claims approval by GCRI Canada.

8.5.7(f) GRA input thresholds shall account for whether evidence is sufficient for finance-readiness input, capital-reader literacy input, Proof Pack component input, insurance-readiness input, RNFD input, NFD input, UNFSD input, or Rails handoff without being described as finance-readiness, investment advice, rating, guarantee, public finance approval, or capital commitment by GCRI Canada.

8.5.7(g) Protocol Authority input thresholds shall account for whether evidence and methods are sufficient for standards support, conformance-supporting tools, proof-receipt support, technical validity support, or protocol evidence support without creating protocol effect, certification, conformance determination, role key, smart license, entitlement state, or external force by default.

8.5.7(h) Public authority learning thresholds shall account for whether evidence is sufficient to support learning, literacy, scenario review, technical understanding, or public-safe interpretation without creating public authority decision, official guidance, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, or sovereign obligation.

8.5.7(i) Technical publication thresholds shall account for accuracy, reproducibility where appropriate, method documentation, confidence, uncertainty, public-safe status, IP status, privacy, cybersecurity, controlled technology, export-control, sanctions, protected knowledge, provider-neutrality, sponsor non-control, and correction path.

8.5.7(j) Failure to meet a confidence threshold shall not necessarily mean evidence is false; it shall mean that the evidence does not meet the recorded threshold for the proposed use without further review, qualification, restriction, correction, or additional evidence.

8.5.7(k) The controlling rule shall be that confidence thresholds govern permitted use and release conditions, not institutional authority, recognition, certification, finance-readiness, public authority effect, or execution.

***

8.5.8 Confidence Scores in Dashboards, Maps, Reports, Evidence Packs, and Decision Packs.\
8.5.8(a) Confidence scores used in dashboards, maps, reports, Evidence Packs, Decision Packs, public-safe summaries, Observatory outputs, Truth Engine outputs, Docket records, Grid records, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, technical baselines, public-good software, APIs, or public claims shall be displayed or described only with appropriate context and boundary controls.

8.5.8(b) Dashboard and map confidence displays shall avoid false precision, misleading colors, unexplained labels, hidden uncertainty, omitted limitations, unreviewed aggregation, unsafe geospatial specificity, public warning implication, emergency command implication, public authority implication, finance implication, provider preference, sponsor validation, or execution implication.

8.5.8(c) Reports and public-safe summaries using confidence scores shall state, where material, what the score measures, what it does not measure, what sources and methods support it, what limitations apply, what uncertainty remains, what use is permitted, what use is prohibited, and how the score may be corrected or updated.

8.5.8(d) Evidence Packs and Decision Packs using confidence scores shall link confidence to source records, method records, evidence records, dataset records, model records, observability records, ontology records, review records, uncertainty treatment, limitations, dependency records, and correction path.

8.5.8(e) Confidence scores used in finance-facing materials shall include finance-safe boundary language and shall not be displayed or described as finance-readiness, investment quality, bankability, fundability, credit quality, insurance quality, underwriting quality, rating, guarantee, or capital suitability.

8.5.8(f) Confidence scores used in public authority materials shall include public authority boundary language and shall not be displayed or described as official guidance, public authority finding, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, or public adoption.

8.5.8(g) Confidence scores used in provider-facing or sponsor-facing materials shall preserve provider neutrality and sponsor non-control and shall not be displayed or described as endorsement, preferred status, procurement advantage, certification, recognition, sponsor approval, or outcome purchase.

8.5.8(h) Confidence scores used in public dashboards, public maps, public reports, or public claims shall be public-safe, limitation-aware, correctionable, and accompanied by sufficient explanation to prevent score inflation.

8.5.8(i) The controlling rule shall be that confidence scores must be shown in ways that improve interpretation without creating false certainty, unsafe reliance, or unauthorized status.

***

8.5.9 Prohibition on Marketing Confidence Scores as Ratings, Approvals, Guarantees, Certifications, Finance-Readiness, or Public Authority Decisions.\
8.5.9(a) GCRI Canada shall prohibit the marketing, promotion, sale, public framing, public claim, sponsor use, provider use, host use, National Company use, Project SPV use, public authority-adjacent use, capital-reader use, media use, or Nexus use of confidence scores as ratings, approvals, guarantees, certifications, finance-readiness, public authority decisions, procurement preference, provider endorsement, sponsor approval, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution readiness.

8.5.9(b) No person shall use a GCRI Canada confidence score to state or imply that a technology, provider, sponsor, host, National Company, Project SPV, node, cluster, Observatory output, dashboard, map, public authority context, project, asset, community, risk, resilience claim, evidence pack, decision pack, technical baseline, public-good software artifact, or Nexus interface has been certified, recognized, approved, endorsed, rated, guaranteed, made finance-ready, made procurement-ready, made public-authority-approved, or cleared for execution by GCRI Canada.

8.5.9(c) Prohibited marketing uses include use of confidence scores in pitch decks, investor materials, insurance materials, lending materials, public finance materials, procurement materials, RFP responses, provider sales materials, sponsor materials, host materials, media claims, websites, social media, badges, labels, seals, dashboards, maps, repository descriptions, technical documentation, or event materials in a manner that implies unauthorized status.

8.5.9(d) GCRI Canada shall require confidence-score users to preserve approved boundary language, permitted-use limits, prohibited-use limits, public-safe context, finance-safe context where applicable, public authority boundary language where applicable, provider-neutrality language where applicable, sponsor non-control language where applicable, correction paths, and supersession status.

8.5.9(e) Where a confidence score is marketed or used in violation of this section, GCRI Canada may require correction, withdrawal, retraction, relabeling, removal of references, public-safe clarification, controlled notice, suspension of access, termination of interface, contract remedy, or legal action where appropriate.

8.5.9(f) Sponsor support, provider participation, host support, public authority attendance, capital-reader interest, media coverage, Nexus Universe participation, Docket presence, Grid presence, Observatory visibility, Truth Engine output, technical baseline use, or public-good software use shall not cure confidence-score misuse.

8.5.9(g) GCRI Canada shall not sell, license, distribute, package, or endorse confidence scores as commercial ratings, investment scores, insurance scores, procurement rankings, provider certifications, public authority approvals, maturity seals, resilience ratings, or execution readiness marks.

8.5.9(h) The controlling rule shall be that confidence scores may support evidence interpretation, but they shall not be converted into marketable authority.

***

8.5.10 Confidence Records, Reviewer Records, Approval Records, and Correction Records.\
8.5.10(a) GCRI Canada shall maintain, or cause to be maintained, confidence records, reviewer records, approval records where applicable, and correction records for material confidence scores, confidence bands, confidence labels, confidence indicators, confidence notes, threshold determinations, confidence changes, confidence downgrades, confidence suspensions, confidence reinstatements, and confidence-related public-safe outputs.

8.5.10(b) Confidence records shall identify the confidence artifact, evidence question, affected record or output, confidence method, method version, sources considered, evidence classes considered, data classes considered, technology domain, risk domain, context, score or label assigned, confidence basis, uncertainty treatment, limitations, downgrade factors, boundary factors, public-safe status, permitted use, prohibited use, reviewer, approval status where applicable, effective date, dependency links, and correction path.

8.5.10(c) Reviewer records shall identify reviewer role, authority, competence, access authority, conflict status, review scope, review method, dissent where any, limitation where any, approval where any, escalation pathway, and closeout requirement.

8.5.10(d) Approval records shall identify, where applicable, the actor approving use of a confidence score or threshold for public-safe release, controlled-room release, GRF input, GRA input, Protocol Authority input, public authority learning, technical publication, dashboard display, map display, Evidence Pack use, Decision Pack use, finance-facing use, provider-facing use, sponsor-facing use, or public claim support.

8.5.10(e) Correction records shall identify confidence correction type, prior confidence status, corrected confidence status, reason, source of correction, reviewer, approving actor where applicable, effective date, confidence effect, uncertainty effect, public-safe effect, finance-safe effect where material, public authority effect where material, provider effect where material, sponsor effect where material, affected dependencies, notice decision, and archive treatment.

8.5.10(f) Confidence records shall be linked, where applicable, to source comparison records, corroboration records, contradiction records, dispute records, Evidence Register entries, Method Register entries, Dataset Register entries, Model Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Evidence Pack Register entries, Decision Pack Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, Nexus interface records, and public claims records.

8.5.10(g) Where confidence records are corrected, challenged, reclassified, restricted, superseded, withdrawn, retracted, downgraded, suspended, reinstated, retired, or archived, affected downstream records and outputs shall be reviewed.

8.5.10(h) Confidence records, reviewer records, approval records, and correction records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.5.10(i) The controlling rule shall be that confidence governance requires records because confidence that cannot be reviewed, challenged, corrected, or traced is merely institutional assertion.

### 8.6 Uncertainty, Limitations, and False-Precision Controls

8.6.1 Uncertainty as Required Attribute of Material Truth Engine Outputs.\
8.6.1(a) GCRI Canada shall require uncertainty treatment as a material attribute of Nexus Truth Engine outputs where uncertainty affects evidence meaning, confidence, public-safe status, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, protected knowledge treatment, Nexus interface meaning, public claims, or downstream dependency.

8.6.1(b) Uncertainty treatment shall apply to source comparison outputs, corroboration outputs, contradiction records, dispute records, confidence scores, Evidence Packs, Decision Packs, dashboards, maps, reports, public-safe summaries, controlled annexes, technical baselines, public-good software outputs, model outputs, AI outputs, digital twin outputs, simulation outputs, observability outputs, Docket inputs, Grid inputs, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, public claims, and correction notices.

8.6.1(c) Uncertainty shall not be omitted merely because it is difficult to quantify, inconvenient to explain, unattractive in public materials, uncomfortable for sponsors, uncomfortable for providers, uncomfortable for public authorities, undesirable for finance-facing materials, inconsistent with media narrative, or disruptive to program momentum.

8.6.1(d) Uncertainty shall be recorded in a form proportionate to the output and audience, including narrative uncertainty, categorical uncertainty, quantitative uncertainty, confidence-linked uncertainty, assumption-based uncertainty, range-based uncertainty, limitation-based uncertainty, source-based uncertainty, or controlled-room uncertainty where public disclosure would be unsafe.

8.6.1(e) Uncertainty treatment shall distinguish known facts, supported inferences, assumptions, estimates, modeled outputs, disputed points, missing evidence, stale evidence, contested evidence, public-safe omissions, and matters outside the record.

8.6.1(f) Uncertainty shall not prevent GCRI Canada from producing evidence support where the record is useful, bounded, public-safe, and fit for purpose; but uncertainty shall prevent GCRI Canada from overstating truth, precision, confidence, maturity, readiness, recognition, finance-readiness, public authority meaning, certification, procurement relevance, provider status, sponsor validation, protocol effect, or execution consequence.

8.6.1(g) Where uncertainty is material and cannot be responsibly characterized, GCRI Canada shall hold, qualify, restrict, downgrade, delay, reclassify, or decline the output rather than permit false certainty.

8.6.1(h) The controlling rule shall be that Truth Engine outputs are not institutionally reliable unless material uncertainty is identified, bounded, communicated where appropriate, and correctionable.

***

8.6.2 Uncertainty Types: Measurement, Model, Source, Temporal, Spatial, Contextual, Statistical, Operational, Legal, Public Authority, Community, and Interpretive.\
8.6.2(a) GCRI Canada shall recognize and govern distinct types of uncertainty, including measurement uncertainty, model uncertainty, source uncertainty, temporal uncertainty, spatial uncertainty, contextual uncertainty, statistical uncertainty, operational uncertainty, legal uncertainty, public authority uncertainty, community uncertainty, protected knowledge uncertainty, finance-boundary uncertainty, provider-related uncertainty, sponsor-related uncertainty, and interpretive uncertainty.

8.6.2(b) Measurement uncertainty shall include limits arising from sensor calibration, reference sensor status, device quality, telemetry integrity, AI-RAN signal interpretation, O-RAN signal interpretation, private wireless signal interpretation, DePIN telemetry, cyber logs, geospatial resolution, satellite imagery, Earth observation conditions, environmental noise, sampling conditions, clock drift, location accuracy, and instrument error.

8.6.2(c) Model uncertainty shall include limits arising from model assumptions, training data, fine-tuning, retrieval, embedding, inference conditions, calibration, validation, drift, bias, hallucination risk, digital twin assumptions, simulation parameters, scenario boundaries, statistical fit, sensitivity, uncertainty propagation, and model applicability to the evidence question.

8.6.2(d) Source uncertainty shall include limits arising from source identity, source reliability, source independence, source completeness, source bias, source authority, source permission, source custody, source documentation, sponsor-supplied information, provider-supplied information, host-supplied information, public authority source status, community source context, and correction history.

8.6.2(e) Temporal uncertainty shall include limits arising from stale evidence, delayed data, different collection times, update frequency, latency, time-zone treatment, event sequencing, version currency, changing technology, changing public authority context, changing community context, changing provider context, changing sponsor context, and changed conditions after publication.

8.6.2(f) Spatial uncertainty shall include limits arising from location accuracy, geospatial resolution, aggregation, safe location treatment, map scale, projection, boundary ambiguity, remote sensing limits, public-safe masking, sensitive-site redaction, community-identifiable geography, infrastructure-sensitive geography, and territorial or jurisdictional boundary complexity.

8.6.2(g) Contextual uncertainty shall include limits arising from jurisdiction, legal context, public authority capacity, community context, Indigenous or local knowledge context, protected knowledge context, cultural context, technology domain, risk domain, operating conditions, sector conditions, public-safe constraints, and audience-specific meaning.

8.6.2(h) Statistical uncertainty shall include limits arising from sample size, representativeness, missing data, variance, confidence intervals where applicable, uncertainty intervals where applicable, error rates, false positives, false negatives, selection bias, survivorship bias, data imbalance, and extrapolation.

8.6.2(i) Operational uncertainty shall include limits arising from system status, deployment status, maintenance status, degraded mode, cyber conditions, incident conditions, operator context, host conditions, provider conditions, infrastructure status, supply-chain status, and field conditions.

8.6.2(j) Legal and public authority uncertainty shall include limits arising from applicable law, jurisdictional authority, public authority capacity, official or non-official source status, regulatory context, procurement context, public finance context, emergency-management context, public warning context, confidentiality, data-sharing authority, and whether a public authority has acted through its own lawful process and record.

8.6.2(k) Community, Indigenous, local, territorial, cultural, environmental, and protected knowledge uncertainty shall include limits arising from consent or non-consent, access restrictions, cultural protocol, community protocol, translation, contextual meaning, public-safe restrictions, relationship-based knowledge, protected knowledge limits, and risks of extraction, exposure, erasure, or harm.

8.6.2(l) Interpretive uncertainty shall include limits arising from competing explanations, ambiguous evidence, conflicting definitions, semantic drift, translation differences, localization differences, controlled vocabulary mismatch, incomplete context, inference chains, and unresolved disputes.

8.6.2(m) The controlling rule shall be that uncertainty must be named at the level at which it arises because generic uncertainty language cannot safely govern complex evidence.

***

8.6.3 Limitation Statements for Sources, Methods, Models, Data, Dashboards, Maps, Digital Twins, Simulations, and AI Outputs.\
8.6.3(a) GCRI Canada shall require limitation statements for material Truth Engine outputs where sources, methods, models, data, dashboards, maps, digital twins, simulations, AI outputs, observability systems, confidence scores, or public-safe summaries could be misread beyond their recorded scope.

8.6.3(b) Source limitation statements shall identify, where material, source type, source authority, source completeness, source independence, source permission, source reliability, source timeliness, source bias, source custody, source context, lawful-use limits, public-safe limits, and correction path.

8.6.3(c) Method limitation statements shall identify, where material, method scope, method version, assumptions, exclusions, required inputs, output limits, validation status, calibration status, context limits, technology-domain limits, public-safe limits, finance-boundary limits, public authority boundary limits, provider-neutrality limits, sponsor non-control limits, and correction path.

8.6.3(d) Model and AI limitation statements shall identify, where material, model identity, model version, dataset dependencies, training or retrieval limits, inference limits, hallucination risks, bias risks, drift risks, prompt or input limits, human review requirements, prohibited uses, public-safe limits, privacy limits, cyber limits, sovereign data limits, protected knowledge limits, and correction path.

8.6.3(e) Data limitation statements shall identify, where material, dataset source, data class, quality, completeness, missingness, sampling limits, temporal coverage, spatial coverage, transformations, de-identification status, re-identification risk, inference risk, lawful basis, permission limits, transfer limits, publication limits, and correction path.

8.6.3(f) Dashboard and map limitation statements shall identify, where material, update frequency, latency, data coverage, aggregation, geospatial precision, safe-location treatment, visualization simplification, label meaning, score meaning, color meaning, public warning boundary, emergency command boundary, public authority boundary, finance boundary, provider neutrality, sponsor non-control, permitted use, prohibited use, and correction path.

8.6.3(g) Digital twin and simulation limitation statements shall identify, where material, assumptions, boundary conditions, calibration, validation, scenario scope, sensitivity, input data limits, uncertainty propagation, model drift, omitted variables, counterfactual limits, temporal limits, spatial limits, and the distinction between scenario output and decision.

8.6.3(h) Limitation statements shall be linked, where applicable, to evidence records, source comparison records, confidence records, method records, dataset records, model records, observability records, public-safe output records, correction records, and dependency records.

8.6.3(i) Limitation statements shall not be used to excuse defective evidence, unsafe publication, unreviewed methods, unlawful data use, public authority confusion, finance overclaim, provider preference, sponsor control, or unsupported public claims.

8.6.3(j) The controlling rule shall be that limitations must define what an output can and cannot mean; they are part of the output, not peripheral disclaimers.

***

8.6.4 False-Precision Controls.\
8.6.4(a) GCRI Canada shall maintain false-precision controls to prevent Truth Engine outputs from appearing more exact, certain, current, complete, authoritative, comparable, public-safe, finance-relevant, public authority-relevant, provider-relevant, sponsor-relevant, or execution-ready than the records support.

8.6.4(b) False precision may arise through numeric scores, confidence bands, percentages, rankings, colors, dashboards, maps, heatmaps, thresholds, badges, labels, maturity-context signals, readiness-context signals, benchmark outputs, model outputs, AI-generated summaries, digital twin outputs, geospatial overlays, proof receipts, blockchain anchors, DePIN records, sensor fusion, risk indicators, resilience indicators, or simplified public-facing statements.

8.6.4(c) Numeric outputs shall not be used where the underlying evidence does not support numeric precision. Where numeric outputs are used, GCRI Canada shall identify method, scale, meaning, limits, uncertainty, public-safe status, permitted use, prohibited use, and correction path.

8.6.4(d) Rankings and ordered lists shall not be used where they would imply certification, rating, provider preference, procurement preference, public authority approval, finance-readiness, maturity status, recognition, or market superiority without proper authority and record.

8.6.4(e) Dashboard colors, map colors, alert-like symbols, warning-like icons, labels, badges, seals, and visual status indicators shall not imply public warning, emergency command, public authority decision, certification, recognition, finance-readiness, procurement approval, provider endorsement, sponsor approval, protocol effect, rating, guarantee, or execution readiness.

8.6.4(f) Aggregated outputs shall not conceal material variation, community-specific risk, protected knowledge limits, local context, Indigenous or territorial context, public authority context, minority evidence, missing data, stale data, or conflicting evidence where such concealment would mislead.

8.6.4(g) Simplified public-safe summaries shall not remove uncertainty, limitations, confidence caveats, classification limits, public authority boundaries, finance boundaries, provider-neutrality limits, sponsor non-control limits, or correction paths where removal would create misleading certainty.

8.6.4(h) Where false precision is detected, GCRI Canada shall relabel, revise, qualify, downgrade, reclassify, restrict, correct, supersede, withdraw, retract, or reissue the affected output and review downstream dependencies.

8.6.4(i) The controlling rule shall be that precision is permitted only where earned by the record; otherwise precision becomes overclaim.

***

8.6.5 Uncertainty Visualization and Public-Safe Explanation.\
8.6.5(a) GCRI Canada may use uncertainty visualization and public-safe explanation methods to make uncertainty understandable without making it misleading, unsafe, overly technical, falsely reassuring, falsely alarming, public-authority-like, finance-like, certification-like, recognition-like, or execution-like.

8.6.5(b) Uncertainty visualization may include ranges, bands, categories, confidence intervals where appropriate, uncertainty intervals where appropriate, shaded areas, qualitative labels, missing-data markers, stale-data markers, disputed-evidence markers, source-limitation markers, map-resolution limits, dashboard notes, public-safe annotations, controlled annexes, and explanatory text.

8.6.5(c) Uncertainty visualization shall not use designs that imply public warning, emergency command, official hazard designation, regulatory finding, procurement ranking, financial rating, insurance rating, credit rating, provider endorsement, sponsor approval, certification, recognition, maturity status, protocol effect, operational clearance, or execution readiness.

8.6.5(d) Public-safe explanation shall state, where material, what is known, what is uncertain, what is disputed, what is missing, what is stale, what is inferred, what is assumed, what is modeled, what is excluded, what is restricted, what cannot be published, what should not be relied upon, and how the output may change.

8.6.5(e) Public-safe explanations shall be proportionate to audience and risk. Technical audiences may receive detailed method and uncertainty treatment, while public-facing audiences may receive bounded plain-language explanations, provided that simplification does not create false certainty or unsafe reliance.

8.6.5(f) Where full uncertainty explanation cannot be public because of privacy, cybersecurity, public authority restrictions, protected knowledge, community safety, sovereign data, commercial sensitivity, finance sensitivity, legal sensitivity, source protection, or controlled technology, GCRI Canada may issue public-safe summaries and controlled annexes that preserve public meaning without unsafe disclosure.

8.6.5(g) Uncertainty visualization and explanation shall be reviewed for accessibility, translation, localization, cultural context, community context, public authority context, and public-safe interpretation where material.

8.6.5(h) The controlling rule shall be that uncertainty must be made legible enough to prevent overclaim and bounded enough to prevent harm.

***

8.6.6 Treatment of Unknowns, Assumptions, Proxies, Gaps, and Inference Chains.\
8.6.6(a) GCRI Canada shall maintain methods for the treatment of unknowns, assumptions, proxies, gaps, and inference chains in material Truth Engine outputs.

8.6.6(b) Unknowns shall be recorded where material facts, sources, conditions, causes, impacts, permissions, contexts, dependencies, or downstream effects are not known, not yet known, not knowable through available methods, not lawfully accessible, not safely publishable, or not properly within GCRI Canada’s role to determine.

8.6.6(c) Assumptions shall be recorded where an output depends on unstated or stated premises, model conditions, scenario conditions, source interpretation, method selection, public authority context, community context, technology status, provider status, sponsor status, legal context, finance-facing context, or operating conditions.

8.6.6(d) Proxies shall be recorded where an indirect measure, surrogate indicator, representative dataset, benchmark, model output, similarity measure, public record, index, synthetic data, reference sensor, or substituted source is used in place of direct evidence.

8.6.6(e) Gaps shall be recorded where evidence is missing, incomplete, stale, restricted, non-public-safe, inaccessible, uncollected, redacted, disputed, geographically limited, temporally limited, population-limited, source-limited, method-limited, or outside current review capacity.

8.6.6(f) Inference chains shall be recorded where an output depends on multiple steps from source to data, data to evidence, evidence to confidence, confidence to summary, summary to dashboard, dashboard to public-safe output, public-safe output to handoff, or handoff to downstream use.

8.6.6(g) Assumptions, proxies, gaps, and inference chains shall be distinguished from direct evidence and shall not be hidden inside confidence scores, dashboards, maps, AI-generated summaries, digital twins, simulations, risk indicators, resilience indicators, Evidence Packs, Decision Packs, or public claims.

8.6.6(h) Where an output materially depends on assumptions, proxies, gaps, or inference chains, GCRI Canada shall determine whether the output requires qualification, downgrade, controlled-room treatment, public-safe explanation, additional evidence collection, restriction, delay, supersession, withdrawal, or correction.

8.6.6(i) The controlling rule shall be that unknowns, assumptions, proxies, gaps, and inference chains must be visible in the record because hidden assumptions create false certainty.

***

8.6.7 Confidence / Uncertainty Pairing Requirements.\
8.6.7(a) GCRI Canada shall pair confidence and uncertainty treatment in material Nexus Truth Engine outputs so that confidence is not communicated without uncertainty and uncertainty is not communicated without sufficient context for interpretation.

8.6.7(b) Where a confidence score, confidence band, confidence label, confidence note, or confidence indicator is used, the output shall state or link to the uncertainty, limitation, assumptions, source constraints, method constraints, missing evidence, stale evidence, disputed evidence, public-safe constraints, and correction path material to that confidence.

8.6.7(c) Where uncertainty is substantial, unresolved, high-consequence, context-dependent, or public-safe restricted, the output shall not use confidence language that implies stronger evidence than the record supports.

8.6.7(d) Where confidence is high but uncertainty remains material, GCRI Canada shall explain the difference between confidence in the available evidence and uncertainty about scope, future conditions, external validity, legal meaning, public authority meaning, finance-facing meaning, provider meaning, sponsor meaning, or downstream effect.

8.6.7(e) Where uncertainty is low but evidence remains limited in purpose, scope, audience, public-safe status, finance-facing status, public authority-facing status, provider-facing status, sponsor-facing status, or jurisdiction, GCRI Canada shall preserve the limitation and shall not permit confidence to migrate into unauthorized contexts.

8.6.7(f) Confidence / uncertainty pairing shall apply to dashboards, maps, public-safe summaries, reports, Evidence Packs, Decision Packs, Truth Engine outputs, Observatory outputs, Docket inputs, Grid inputs, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, community-facing materials, Academy materials, technical baselines, public-good software documentation, and public claims.

8.6.7(g) Confidence / uncertainty pairing shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.6.7(h) The controlling rule shall be that confidence without uncertainty overstates truth, and uncertainty without context obscures truth.

***

8.6.8 Uncertainty Escalation for High-Consequence Outputs.\
8.6.8(a) GCRI Canada shall escalate uncertainty treatment for high-consequence outputs where uncertainty may materially affect public safety, privacy, cybersecurity, sovereign data, protected knowledge, community harm, public authority interpretation, finance-facing interpretation, provider-neutrality, sponsor non-control, procurement implication, certification implication, recognition implication, protocol implication, public warning implication, emergency-command implication, market consequence, legal compliance, or institutional trust.

8.6.8(b) High-consequence outputs may include public-safe reports, public dashboards, public maps, hazard-adjacent outputs, health-adjacent outputs, cyber-sensitive outputs, infrastructure-sensitive outputs, public authority learning materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority support, Docket records, Grid records, Observatory outputs, Truth Engine outputs, Rails handoffs, National Company interfaces, Project SPV interfaces, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, and public claims.

8.6.8(c) Uncertainty escalation may require evidence steward review, method steward review, data steward review, model steward review, public-safe publication review, privacy review, cybersecurity review, AI review, sovereign data review, safeguards review, Indigenous or protected knowledge review, public authority boundary review, finance boundary review, provider-neutrality review, sponsor non-control review, competition review, legal review, committee review, officer escalation, board escalation, or external expert review where appropriate.

8.6.8(d) Where uncertainty is high and consequence is high, GCRI Canada shall consider hold, restriction, controlled-room use, public-safe qualification, downgrade, additional evidence collection, method review, model review, public authority boundary review, finance-boundary review, safeguards review, delay, withdrawal, or non-publication.

8.6.8(e) Where uncertainty cannot be publicly explained without exposing protected material, GCRI Canada may issue controlled uncertainty notes, controlled annexes, or targeted notices to authorized recipients while preserving public-safe meaning in any public output.

8.6.8(f) High-consequence uncertainty shall not be suppressed by sponsor request, provider request, public authority discomfort, capital-reader preference, media strategy, program deadline, event timing, technical convenience, or public-relations concern.

8.6.8(g) Escalation records shall identify the output, uncertainty type, consequence type, review pathway, interim controls, decision, limitations, public-safe status, notice decision, and correction path.

8.6.8(h) The controlling rule shall be that uncertainty must be escalated when the cost of being misunderstood is high.

***

8.6.9 Correction Where Uncertainty Is Understated or Misread.\
8.6.9(a) GCRI Canada shall correct Truth Engine outputs where uncertainty has been understated, omitted, misclassified, concealed, visually minimized, compressed, mistranslated, misread, misused, or communicated in a manner that creates false precision, false confidence, public authority confusion, finance overclaim, provider preference, sponsor validation, certification implication, recognition implication, protocol implication, public warning implication, emergency-command implication, or execution implication.

8.6.9(b) Correction shall apply where uncertainty is understated in confidence scores, dashboards, maps, reports, public-safe summaries, controlled annexes, Evidence Packs, Decision Packs, Docket records, Grid records, Observatory outputs, Truth Engine outputs, Rails handoffs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, technical baselines, public-good software documentation, Academy materials, media materials, public claims, or correction notices.

8.6.9(c) Misread uncertainty shall include cases where audiences reasonably interpret uncertainty language, labels, scores, colors, bands, maps, charts, dashboards, summaries, or caveats as stronger, weaker, more official, more public-safe, more finance-relevant, more public authority-relevant, more provider-relevant, more sponsor-validating, or more execution-ready than intended.

8.6.9(d) Where uncertainty is understated or misread, GCRI Canada shall consider relabeling, revised uncertainty language, revised limitation statement, revised dashboard design, revised map design, revised confidence pairing, public-safe clarification, controlled correction notice, public correction notice, downgrade, restriction, supersession, withdrawal, retraction, training update, method update, or interface correction.

8.6.9(e) Where third parties use GCRI Canada outputs to suppress uncertainty, remove limitations, exaggerate confidence, market evidence as ratings, claim approval, imply finance-readiness, imply public authority decision, imply provider endorsement, imply sponsor validation, imply certification, imply recognition, imply protocol effect, or imply execution readiness, GCRI Canada shall require correction, withdrawal, retraction, removal, public-safe clarification, controlled notice, interface suspension, or other remedy as appropriate.

8.6.9(f) Correction of understated uncertainty shall include dependency review where affected outputs have been used in public authority materials, finance-facing materials, GRF materials, GRA materials, Protocol Authority materials, provider materials, sponsor materials, host materials, community-facing materials, public-safe publications, dashboards, maps, technical baselines, public-good software, Academy materials, media materials, or public claims.

8.6.9(g) GCRI Canada shall not allow reputational concern, sponsor concern, provider concern, public authority concern, capital-reader concern, or media concern to prevent correction where uncertainty has been understated or misread.

8.6.9(h) The controlling rule shall be that uncertainty correction is required whenever the public or controlled meaning of an output becomes more certain than the record permits.

***

8.6.10 Uncertainty Records, Limitation Records, Public-Safe Notes, and Supersession Records.\
8.6.10(a) GCRI Canada shall maintain, or cause to be maintained, uncertainty records, limitation records, public-safe notes, and supersession records for material Truth Engine outputs where uncertainty, limitations, public-safe explanation, or later replacement affects evidence meaning, confidence, permitted use, public-safe status, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, Nexus interface meaning, downstream dependency, or public claims.

8.6.10(b) Uncertainty records shall identify the output, evidence question, uncertainty type, uncertainty source, affected sources, affected methods, affected datasets, affected models, affected observability records, affected assumptions, affected proxies, affected gaps, affected inference chains, confidence relationship, public-safe effect, finance-safe effect where material, public authority effect where material, provider effect where material, sponsor effect where material, community effect where material, reviewer, review status, permitted use, prohibited use, and correction path.

8.6.10(c) Limitation records shall identify source limitations, method limitations, data limitations, model limitations, AI limitations, digital twin limitations, simulation limitations, dashboard limitations, map limitations, public-safe limitations, access limitations, handling limitations, jurisdictional limitations, temporal limitations, spatial limitations, community limitations, public authority limitations, finance-boundary limitations, provider-neutrality limitations, sponsor non-control limitations, and downstream-use limitations.

8.6.10(d) Public-safe notes shall identify what uncertainty or limitation information may be publicly communicated, what information must remain controlled, what information is restricted by privacy, cybersecurity, sovereign data, public authority restriction, protected knowledge, community safeguard, commercial sensitivity, finance sensitivity, legal sensitivity, source protection, or controlled technology, and how the public-safe explanation preserves meaning without unsafe disclosure.

8.6.10(e) Supersession records shall identify prior output, superseding output, reason for supersession, uncertainty change, limitation change, confidence change, source change, method change, data change, model change, public-safe change, boundary-language change, effective date, affected dependencies, notice decision, archive status, and continuing validity where any.

8.6.10(f) Uncertainty records, limitation records, public-safe notes, and supersession records shall be linked, where applicable, to Evidence Register entries, Method Register entries, Dataset Register entries, Model Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, source comparison records, confidence records, corroboration records, contradiction records, dispute records, Evidence Pack entries, Decision Pack entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, Nexus interface records, and public claims records.

8.6.10(g) Uncertainty records, limitation records, public-safe notes, and supersession records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.6.10(h) The controlling rule shall be that uncertainty and limitations must be recorded because unrecorded uncertainty cannot govern confidence, publication, reliance, correction, or trust.

### 8.7 Truth Engine Output Classes

8.7.1 Internal Evidence Output.\
8.7.1(a) GCRI Canada may classify a Nexus Truth Engine output as an Internal Evidence Output where the output is intended for internal evidence review, method review, data review, model review, observability review, ontology review, public-safe review, correction review, governance review, committee review, officer review, Board review, or other internal institutional use within GCRI Canada’s non-executing evidence-and-methods mandate.

8.7.1(b) Internal Evidence Outputs may include source comparison notes, confidence notes, uncertainty notes, limitation notes, contradiction notes, dispute notes, missing-evidence notes, stale-evidence notes, spoof-risk notes, method review notes, data quality notes, model evaluation notes, observability review notes, ontology review notes, correction triggers, dependency notes, draft Evidence Pack components, draft Decision Pack components, and internal public-safe review materials.

8.7.1(c) Internal Evidence Outputs shall identify, where material, the evidence question, source records, method records, dataset records, model records, observability records, ontology terms, confidence treatment, uncertainty treatment, limitations, reviewer, status, access class, handling class, permitted use, prohibited use, public-safe status, dependency links, and correction path.

8.7.1(d) Internal Evidence Outputs shall not be externally circulated, publicly referenced, finance-facing, public authority-facing, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, or media-facing unless reclassified, reviewed, and approved for the relevant output class.

8.7.1(e) Internal classification shall not permit weak records, uncontrolled methods, missing source lineage, improper AI use, unsafe data handling, public authority ambiguity, finance overclaim, provider preference, sponsor influence, protected knowledge exposure, or uncorrectable outputs. Internal materials remain subject to evidence integrity, safeguards, privacy, cybersecurity, controlled vocabulary, validity-by-record, and correctionability.

8.7.1(f) No Internal Evidence Output shall create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.1(g) Where an Internal Evidence Output is later used in another output class, GCRI Canada shall preserve source lineage, method, confidence, uncertainty, limitations, review status, access status, boundary language, and correction path.

8.7.1(h) The controlling rule shall be that internal Truth Engine output is for institutional evidence discipline, not hidden authority, informal decision-making, or unreviewed external reliance.

***

8.7.2 Controlled-Room Output.\
8.7.2(a) GCRI Canada may classify a Nexus Truth Engine output as a Controlled-Room Output where the output may be used only within a controlled room, data room, evidence room, clean room, secure collaboration room, public authority room, finance-safe room, technical review room, safeguards room, cyber room, protected knowledge room, or other restricted-access environment.

8.7.2(b) Controlled-Room Outputs may include restricted evidence summaries, controlled annexes, source comparison records, sensitive dashboards, sensitive maps, cyber-sensitive materials, infrastructure-sensitive materials, public authority restricted materials, finance-sensitive materials, health-sensitive materials, sovereign data materials, community-protected materials, Indigenous or protected knowledge materials, model evaluation materials, vulnerability-sensitive materials, and high-consequence dispute materials.

8.7.2(c) Controlled-Room Outputs shall identify room purpose, room sponsor where any, room host where any, room custodian, access authority, permitted participants, prohibited participants, data classes, evidence classes, handling class, public-safe status, confidentiality terms, AI-use limits, recording limits, export limits, citation limits, redistribution limits, permitted use, prohibited use, boundary language, review status, correction path, and closeout path.

8.7.2(d) Controlled-Room Outputs shall not be copied, exported, summarized, photographed, screen-captured, embedded, quoted, redistributed, used in public materials, used in finance-facing materials, used in public authority materials, used in provider materials, used in sponsor materials, or used in public claims except as expressly permitted by the room rules and applicable record.

8.7.2(e) Controlled-room treatment shall be used where public disclosure would risk privacy harm, cybersecurity harm, infrastructure exposure, public authority confusion, finance overclaim, protected knowledge misuse, community harm, source exposure, retaliation, legal risk, commercial sensitivity, controlled technology exposure, sanctions or export-control risk, or unsafe public reliance.

8.7.2(f) Controlled-Room Outputs shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.2(g) Where a Controlled-Room Output is converted into a public-safe summary, GRF input, GRA input, Protocol Authority input, public authority learning output, technical annex, dashboard, map, or report, GCRI Canada shall apply reclassification, redaction, aggregation, public-safe review, boundary review, and correction review before release.

8.7.2(h) The controlling rule shall be that controlled-room output permits safer review of sensitive evidence; it does not create secret authority, privileged status, financial effect, public authority effect, or execution clearance.

***

8.7.3 Public-Safe Output.\
8.7.3(a) GCRI Canada may classify a Nexus Truth Engine output as a Public-Safe Output where the output has been reviewed and approved for public-safe release within recorded scope, audience, limitations, classification, confidence, uncertainty, public authority boundary, finance boundary, provider-neutrality boundary, sponsor non-control boundary, protected knowledge safeguards, and correction path.

8.7.3(b) Public-Safe Outputs may include public-safe reports, public-safe summaries, public-safe dashboards, public-safe maps, public-safe visualizations, public-safe technical notes, public-safe glossaries, public-safe Academy materials, public-safe correction notices, public-safe Observatory summaries, public-safe Truth Engine summaries, public-safe Docket summaries, public-safe Grid summaries, public-safe Rails summaries, public-good software documentation, and technical baseline summaries.

8.7.3(c) Public-Safe Outputs shall identify, where material, source records, method records, evidence class, data class, public-safe status, redactions, aggregations, generalizations, responsible non-disclosure basis where any, confidence, uncertainty, limitations, permitted use, prohibited use, boundary language, correction path, supersession path, withdrawal path, retraction path where applicable, and archive path.

8.7.3(d) Public-safe status shall not mean complete disclosure, unrestricted reuse, public authority approval, finance-readiness, certification, recognition, procurement relevance, provider endorsement, sponsor approval, protocol effect, public warning, emergency command, operational clearance, or execution readiness.

8.7.3(e) Public-Safe Outputs shall not disclose personal information, rights-bearing data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, source-protected information, controlled technology, confidential materials, or other restricted content unless lawful, safe, authorized, mission-compatible, and records-valid.

8.7.3(f) Public-Safe Outputs shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.3(g) Where a Public-Safe Output becomes inaccurate, stale, unsafe, overclaimed, misclassified, misused, or misread, GCRI Canada shall correct, supersede, withdraw, retract, relabel, restrict, or reissue the output and review downstream dependencies.

8.7.3(h) The controlling rule shall be that public-safe output makes evidence publicly usable only within recorded limits, not publicly authoritative for all purposes.

***

8.7.4 Public Authority Learning Output.\
8.7.4(a) GCRI Canada may classify a Nexus Truth Engine output as a Public Authority Learning Output where the output is prepared for evidence literacy, technical literacy, AI literacy, cyber literacy, systems-risk learning, scenario learning, public-safe interpretation, public authority capacity-building, or public-sector learning without delegated public authority.

8.7.4(b) Public Authority Learning Outputs may include briefings, scenario notes, evidence comparison summaries, confidence and uncertainty notes, public-safe dashboards, public-safe maps, controlled annexes, technical explainers, model limitation notes, cyber learning notes, observability learning materials, public authority room materials, and correction notices.

8.7.4(c) Public Authority Learning Outputs shall identify public authority capacity classification, audience, source records, method records, public authority data status, public-safe status, access class, handling class, permitted use, prohibited use, confidence, uncertainty, limitations, non-delegation language, non-endorsement language, non-procurement language, non-warning language, non-regulatory language, non-funding language, non-public-finance language, and correction path.

8.7.4(d) Public Authority Learning Outputs shall not be represented as official guidance, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public health order, public safety directive, compliance determination, enforcement position, safe harbor, public adoption, sovereign obligation, or public authority decision.

8.7.4(e) Public authority names, logos, titles, photos, quotes, agency references, jurisdiction references, regulator-listening references, public finance references, emergency-management references, and public-sector data references shall be used only under applicable reference controls.

8.7.4(f) Public Authority Learning Outputs shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.4(g) Where Public Authority Learning Outputs are used or misread as public authority decisions, official guidance, public warnings, procurement approvals, regulatory approvals, funding approvals, public finance approvals, or sovereign obligations, GCRI Canada shall correct, clarify, restrict, withdraw, reissue, or notify affected interfaces as appropriate.

8.7.4(h) The controlling rule shall be that public authority learning output supports public-sector understanding but leaves public authority with public authorities.

***

8.7.5 GRF Input Output.\
8.7.5(a) GCRI Canada may classify a Nexus Truth Engine output as a GRF Input Output where the output is prepared to support The Global Risks Forum (GRF) through technical evidence inputs, source comparison records, confidence notes, uncertainty notes, Docket inputs, Grid inputs, maturity-context inputs, recognition-supporting evidence inputs, claims-discipline support, public-safe reporting support, correction records, or public-safe summaries.

8.7.5(b) GRF Input Outputs shall remain evidence and methods support to GRF. They shall not constitute GRF recognition, standing, maturity records, claims approval, public-facing legitimacy, registry status, stakeholder formation, public-safe reporting status, or public claim approval by GCRI Canada.

8.7.5(c) GRF Input Outputs shall identify source records, method records, evidence class, data class, public-safe status, GRF-facing status, access class, handling class, confidence, uncertainty, limitations, permitted use, prohibited use, boundary language, correction path, supersession path, withdrawal path, retraction path where applicable, and dependency links.

8.7.5(d) GRF shall remain responsible for any GRF act, including recognition, standing, maturity record, claims discipline, stakeholder formation, public-safe reporting, registry status, or public-facing legitimacy, through GRF’s own authority, procedures, records, and review.

8.7.5(e) GRF Input Outputs shall not be publicly described as GRF approval unless GRF has separately created the relevant approval or status through its own proper record and public-safe process.

8.7.5(f) GRF Input Outputs shall not create certification, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.5(g) Where a GRF Input Output is corrected, disputed, downgraded, reclassified, superseded, withdrawn, or retracted, GCRI Canada shall review affected GRF interface records and coordinate correction with GRF where appropriate.

8.7.5(h) The controlling rule shall be that GRF Input Outputs support GRF’s legitimacy function but do not perform it.

***

8.7.6 GRA Input Output.\
8.7.6(a) GCRI Canada may classify a Nexus Truth Engine output as a GRA Input Output where the output is prepared to support The Global Risks Alliance (GRA) through technical evidence inputs, risk evidence, host readiness evidence, node evidence, source comparison records, confidence notes, uncertainty notes, Proof Pack components, insurance-readiness inputs, capital-reader literacy inputs, RNFD inputs, NFD inputs, UNFSD inputs, Rails handoffs, correction records, or finance-safe summaries.

8.7.6(b) GRA Input Outputs shall remain evidence and methods support to GRA. They shall not constitute finance-readiness, capital-readiness, insurance-readiness, routeability, capital suitability, investor suitability, bankability, fundability, investment advice, securities recommendation, brokerage, placement, finder activity, lending, underwriting, insurance placement, rating, guarantee, public finance approval, capital commitment, or other financial act by GCRI Canada.

8.7.6(c) GRA Input Outputs shall identify source records, method records, evidence class, data class, finance-safe status where material, public-safe status, GRA-facing status, access class, handling class, confidence, uncertainty, limitations, permitted use, prohibited use, no-advice language, no-solicitation language, no-rating language, no-guarantee language, no-public-finance-approval language, correction path, supersession path, withdrawal path, retraction path where applicable, and dependency links.

8.7.6(d) GRA shall remain responsible for any GRA output, including finance-readiness, capital-readiness, insurance-readiness, capital readability, Proof Pack discipline, capital-reader room, RNFD, NFD, UNFSD, or regulated-perimeter output, through GRA’s own authority, procedures, records, review, and finance-safe boundary language.

8.7.6(e) GRA Input Outputs shall not be used in pitch decks, investment materials, insurance materials, lending materials, public finance materials, securities materials, procurement materials, sponsor materials, provider materials, SPV materials, National Company materials, or capital-reader materials in a manner that implies GCRI Canada investment advice, rating, guarantee, finance-readiness, or public finance approval.

8.7.6(f) GRA Input Outputs shall not create certification, recognition, public authority decision, procurement approval, provider endorsement, sponsor approval, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.6(g) Where a GRA Input Output is corrected, disputed, downgraded, reclassified, superseded, withdrawn, or retracted, GCRI Canada shall review affected GRA interface records and coordinate correction with GRA where appropriate.

8.7.6(h) The controlling rule shall be that GRA Input Outputs support finance-readiness discipline but do not issue finance-readiness or financial consequence.

***

8.7.7 Protocol Authority Input Output.\
8.7.7(a) GCRI Canada may classify a Nexus Truth Engine output as a Protocol Authority Input Output where the output is prepared to support Nexus Standards / Protocol Authority through evidence requirements, method profiles, source comparison records, confidence notes, uncertainty notes, ontology, controlled vocabulary, schemas, data dictionaries, proof-receipt logic, technical baselines, public-good software, APIs, reference architectures, conformance-supporting tools, evaluation harnesses, benchmark cards, correction records, or technical validity support.

8.7.7(b) Protocol Authority Input Outputs shall remain evidence and methods support. They shall not constitute protocol authority, certification, conformance determination, role key issuance, smart-license issuance, entitlement state, proof-receipt legal effect, external force, legal validity, operational clearance, technical certification, or protocol effect by default.

8.7.7(c) Protocol Authority Input Outputs shall identify source records, method records, evidence class, data class, technical baseline status where any, software status where any, public-safe status, protocol-facing status, access class, handling class, confidence, uncertainty, limitations, permitted use, prohibited use, protocol-boundary language, no-certification language, no-conformance-determination language, correction path, supersession path, withdrawal path, retirement path, and dependency links.

8.7.7(d) Nexus Standards / Protocol Authority shall remain responsible for any protocol effect, conformance logic, role keys, smart licenses, proof receipts, entitlement states, anchoring discipline, technical validity surface, or standards effect created through its own authority, instruments, records, procedures, and boundary language.

8.7.7(e) Technical authorship, schema authorship, benchmark support, proof-receipt support, software maintenance, API custody, repository custody, or technical baseline support by GCRI Canada shall not create protocol effect or certification by implication.

8.7.7(f) Protocol Authority Input Outputs shall not create recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.7(g) Where a Protocol Authority Input Output is corrected, disputed, downgraded, reclassified, superseded, withdrawn, or retired, GCRI Canada shall review affected Protocol Authority interface records and coordinate correction with the relevant Protocol Authority where appropriate.

8.7.7(h) The controlling rule shall be that Protocol Authority Input Outputs support protocol discipline but do not create protocol effect by default.

***

8.7.8 Nexus Observatory Output.\
8.7.8(a) GCRI Canada may classify a Nexus Truth Engine output as a Nexus Observatory Output where the output is prepared to support observability evidence, node evidence, hub evidence, cluster evidence, hotspot evidence, regional cluster evidence, national dense core evidence, sensor evidence, AI-RAN signal evidence, O-RAN signal evidence, private wireless signal evidence, DePIN evidence, geospatial evidence, cyber telemetry, digital twin assumptions, dashboard methods, map methods, degraded-mode records, resilience indicator records, continuity signal records, Observatory Evidence Packs, and public-safe Observatory summaries.

8.7.8(b) Nexus Observatory Outputs shall remain observability evidence and methods outputs. They shall not constitute surveillance authority, public warning, emergency command, infrastructure operation, public authority decision, regulatory finding, procurement approval, finance-readiness, provider endorsement, sponsor approval, certification, recognition, rating, guarantee, protocol effect, operational clearance, or execution consequence by default.

8.7.8(c) Nexus Observatory Outputs shall identify observability surface, source records, system records, node or cluster context, owner where known, operator where applicable, host where applicable, provider where any, GCRI Canada role, GCRI Canada non-role, data classes, evidence classes, collection method, update frequency, latency, geography or safe location treatment, confidence, uncertainty, limitations, classification, public-safe status, access status, permitted use, prohibited use, boundary language, correction path, supersession path, withdrawal path, and archive path.

8.7.8(d) Nexus Observatory Outputs involving dashboards, maps, alerts, indicators, scores, colors, or geospatial layers shall be reviewed to prevent public warning implication, emergency command implication, public authority confusion, infrastructure exposure, privacy harm, community harm, protected knowledge exposure, finance overclaim, provider preference, sponsor validation, and false precision.

8.7.8(e) Nexus Observatory Outputs shall distinguish raw signal, processed signal, fused signal, inferred condition, modeled condition, dashboard output, map layer, public-safe summary, controlled annex, Docket input, Grid input, Truth Engine comparison, Rails handoff, GRF input, GRA input, Protocol Authority support, and enterprise-stack handoff.

8.7.8(f) Nexus Observatory Outputs shall not create investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, public warning, emergency command, certification, recognition, finance-readiness, rating, guarantee, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.7.8(g) Where a Nexus Observatory Output is corrected, disputed, downgraded, reclassified, restricted, superseded, withdrawn, or retracted, GCRI Canada shall update applicable observability records and review affected downstream dependencies.

8.7.8(h) The controlling rule shall be that Nexus Observatory Outputs make observable conditions evidence-legible, not officially actionable by GCRI Canada.

***

8.7.9 Nexus Risk Management Output.\
8.7.9(a) GCRI Canada may classify a Nexus Truth Engine output as a Nexus Risk Management Output where the output is prepared to support risk evidence, resilience evidence, scenario evidence, continuity evidence, interdependency evidence, hazard evidence, exposure evidence, vulnerability evidence, capability evidence, control evidence, degraded-mode evidence, or corrective-action evidence within Nexus Risk Management interfaces.

8.7.9(b) Nexus Risk Management Outputs shall remain evidence and methods support. They shall not constitute public authority risk determinations, insurance ratings, credit ratings, investment ratings, project ratings, resilience ratings, regulatory findings, public warnings, emergency commands, finance-readiness, guarantees, procurement approval, provider endorsement, sponsor approval, certification, recognition, protocol effect, operational clearance, or execution consequence by default.

8.7.9(c) Nexus Risk Management Outputs shall identify risk question, source records, method records, scenario assumptions where any, model records where any, evidence class, data class, confidence, uncertainty, limitations, public-safe status, finance-safe status where material, public authority-facing status where material, access class, handling class, permitted use, prohibited use, boundary language, correction path, supersession path, withdrawal path, and dependency links.

8.7.9(d) Scenario outputs, risk indicators, resilience indicators, dashboard outputs, maps, scores, and model-based outputs shall be described as decision support and shall not be represented as decisions, official risk ratings, insurance decisions, credit decisions, public authority findings, public warnings, or operational commands.

8.7.9(e) Nexus Risk Management Outputs used in GRF, GRA, public authority, National Consortium, National Company, Project SPV, provider, sponsor, host, community, or capital-reader interfaces shall preserve role separation and shall not exceed the authority of the source record.

8.7.9(f) Nexus Risk Management Outputs shall not create investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, certification, recognition, finance-readiness, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.7.9(g) Where a Nexus Risk Management Output is corrected, disputed, downgraded, reclassified, restricted, superseded, withdrawn, or retracted, GCRI Canada shall update applicable records and review affected downstream dependencies.

8.7.9(h) The controlling rule shall be that Nexus Risk Management Outputs support risk understanding without becoming risk authority.

***

8.7.10 Nexus Rails Output.\
8.7.10(a) GCRI Canada may classify a Nexus Truth Engine output as a Nexus Rails Output where the output is prepared to support evidence routing, public-safe routing, standards-support routing, finance-readiness input routing, deployment-readiness evidence routing, GRF handoff, GRA handoff, Protocol Authority handoff, public authority learning handoff, National Company interface, Project SPV interface, provider interface, host interface, community interface, or correction routing within Nexus Rails.

8.7.10(b) Nexus Rails Outputs shall remain routing, translation, evidence, and handoff support artifacts. They shall not constitute finance-readiness, investment advice, securities solicitation, brokerage, lending, underwriting, insurance placement, rating, guarantee, public finance approval, procurement approval, provider endorsement, public authority decision, certification, recognition, protocol effect, operational clearance, market authority, infrastructure operation, or execution consequence by default.

8.7.10(c) Nexus Rails Outputs shall identify source records, method records, routing purpose, handoff actor, receiving actor, authority mapping, public-safe status, finance-safe status where material, public authority-facing status where material, access class, handling class, confidence, uncertainty, limitations, permitted use, prohibited use, boundary notices, handoff record, correction path, supersession path, withdrawal path, and dependency links.

8.7.10(d) Rails outputs involving GRA, capital readers, National Companies, Project SPVs, providers, public finance actors, insurers, lenders, underwriters, or other finance-adjacent actors shall include no-advice, no-solicitation, no-rating, no-guarantee, no-public-finance-approval, and no-capital-commitment controls where material.

8.7.10(e) Rails outputs involving public authorities shall include non-delegation, non-endorsement, non-procurement, non-funding, non-public-finance, non-regulatory, non-warning, and non-emergency-command controls where material.

8.7.10(f) Nexus Rails Outputs shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.10(g) Where a Nexus Rails Output is corrected, disputed, downgraded, reclassified, restricted, superseded, withdrawn, or retracted, GCRI Canada shall update applicable handoff and dependency records and notify affected interfaces where required.

8.7.10(h) The controlling rule shall be that Nexus Rails Outputs route evidence and handoffs; they do not execute the consequences to which evidence may be routed.

***

8.7.11 Academy and Training Output.\
8.7.11(a) GCRI Canada may classify a Nexus Truth Engine output as an Academy and Training Output where the output is prepared for evidence literacy, methods training, AI governance literacy, cybersecurity literacy, public authority literacy, observability methods training, confidence and uncertainty training, public-safe publication training, controlled vocabulary training, correction training, or public-good technical training.

8.7.11(b) Academy and Training Outputs may include curricula, training notes, case studies, simulation materials, scenario materials, technical explainers, public-safe examples, controlled examples, lab materials, exercises, model cards for teaching, benchmark cards for teaching, dashboard demonstrations, map demonstrations, evidence pack examples, decision pack examples, correction examples, and public-safe glossaries.

8.7.11(c) Academy and Training Outputs shall identify audience, purpose, source records where applicable, synthetic or example status where applicable, public-safe status, access class, handling class, permitted use, prohibited use, confidence where material, uncertainty where material, limitations, IP status, data status, AI-use status, public authority boundary language, finance boundary language, provider-neutrality language, sponsor non-control language, credential boundary language, and correction path.

8.7.11(d) Academy and Training Outputs shall not create professional certification, licensure, public authority qualification, procurement preference, provider status, sponsor status, finance-readiness, investment suitability, regulated professional advice, technical certification, recognition, maturity record, protocol effect, operational clearance, or execution authority by default.

8.7.11(e) Attendance, completion, participation, fellowship, lab involvement, badge, certificate of attendance, training record, or Academy listing shall not imply certification, recognized competence, public authority qualification, procurement status, provider approval, finance-readiness, Nexus-compatible status, or execution readiness unless separately and lawfully created by proper authority and record.

8.7.11(f) Academy and Training Outputs shall not create investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.11(g) Where Academy and Training Outputs become inaccurate, stale, unsafe, overclaimed, misclassified, or misused, GCRI Canada shall correct, supersede, withdraw, reissue, relabel, restrict, or update the materials and related training records.

8.7.11(h) The controlling rule shall be that Academy and Training Outputs build literacy and competence without creating regulated credentials or downstream authority by default.

***

8.7.12 Dashboard, Map, Report, API, Dataset, Evidence Pack, Decision Pack, and Technical Annex Output.\
8.7.12(a) GCRI Canada may classify Nexus Truth Engine outputs by form, including dashboard output, map output, report output, API output, dataset output, Evidence Pack output, Decision Pack output, technical annex output, controlled annex output, public-safe summary output, public-good software output, technical baseline output, model output, benchmark output, system card output, and correction notice output.

8.7.12(b) Dashboard Outputs shall identify source records, update frequency, latency, confidence display, uncertainty display, limitations, filters, labels, colors, scores, boundary language, public-safe status, access class, handling class, permitted use, prohibited use, and correction path.

8.7.12(c) Map Outputs shall identify geospatial source records, resolution, aggregation, safe-location treatment, sensitive-site treatment, community-identifiability treatment, infrastructure-sensitive treatment, public-safe status, uncertainty, limitations, public warning boundary, public authority boundary, permitted use, prohibited use, and correction path.

8.7.12(d) Report Outputs shall identify purpose, audience, source records, method records, confidence, uncertainty, limitations, redactions, responsible non-disclosure basis, public-safe status, boundary language, permitted use, prohibited use, correction path, supersession path, withdrawal path, and archive path.

8.7.12(e) API Outputs shall identify endpoint purpose, data class, evidence class, source records where applicable, schema version, ontology version, access class, rate limits where any, permitted use, prohibited use, public-safe status, machine-readable boundary language, correction path, deprecation path, and versioning status.

8.7.12(f) Dataset Outputs shall identify dataset source, owner where known, custodian, steward, data class, evidence class, technology domain, purpose, lawful basis or authority where applicable, permissions, licenses, consent or non-consent treatment where applicable, AI-use status, training-use status, embedding-use status, transfer status, publication status, retention status, quality, completeness, limitations, public-safe status, and correction path.

8.7.12(g) Evidence Pack Outputs and Decision Pack Outputs shall identify purpose, audience, source records, method records, evidence classes, data classes, confidence, uncertainty, limitations, review status, authority mapping where applicable, permitted use, prohibited use, boundary language, correction path, supersession path, withdrawal path, retraction path where applicable, closeout path where applicable, and dependency links.

8.7.12(h) Technical Annex Outputs and Controlled Annex Outputs shall identify technical scope, sensitive content class, access class, handling class, source records, method records, models where any, data where any, limitations, public-safe summary relationship, permitted use, prohibited use, confidentiality, cybersecurity controls, privacy controls, sovereign data controls, protected knowledge controls, and correction path.

8.7.12(i) Outputs by form shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.12(j) The controlling rule shall be that output form affects access, risk, and review, but no form transforms evidence into authority by default.

***

8.7.13 Output Class Controls, Review Requirements, Access Rights, Disclaimers, Versioning, and Correction Paths.\
8.7.13(a) GCRI Canada shall maintain output class controls for Nexus Truth Engine outputs, including classification rules, review requirements, access rights, handling rules, disclaimer requirements, boundary-language requirements, versioning requirements, correction paths, supersession paths, withdrawal paths, retraction paths, archive paths, and dependency-tracking requirements.

8.7.13(b) Output class controls shall be proportionate to source sensitivity, evidence class, data class, technology domain, public-safe status, audience, intended use, prohibited use, public authority relevance, finance relevance, provider relevance, sponsor relevance, community relevance, protected knowledge relevance, cybersecurity relevance, privacy relevance, sovereign data relevance, and downstream dependency.

8.7.13(c) Review requirements may include evidence steward review, method steward review, data steward review, model steward review, observability steward review, ontology review, controlled vocabulary review, public-safe publication review, privacy review, cybersecurity review, AI review, sovereign data review, public authority boundary review, finance boundary review, provider-neutrality review, sponsor non-control review, safeguards review, legal review, interface review, committee review, officer approval, or Board reporting.

8.7.13(d) Access rights shall identify who may view, use, quote, export, reproduce, rely upon, modify, route, publish, summarize, embed, API-call, dashboard-view, map-view, train on, retrieve from, translate, localize, or otherwise process the output.

8.7.13(e) Disclaimers and boundary language shall address, where material, no certification, no recognition, no finance-readiness, no investment advice, no public authority decision, no procurement approval, no provider endorsement, no sponsor approval, no rating, no guarantee, no public warning, no emergency command, no protocol effect, no operational clearance, no legal status, no professional advice, no market authority, no infrastructure operation, and no execution consequence.

8.7.13(f) Versioning shall identify version number or identifier, effective date, prior version, superseding version, status, change basis, reviewer, approving actor where applicable, affected dependencies, correction relationship, withdrawal relationship, retraction relationship, and archive treatment.

8.7.13(g) Correction paths shall identify how an output may be challenged, corrected, reclassified, restricted, downgraded, superseded, withdrawn, retracted, suspended, reinstated, retired, archived, and notified to affected downstream users.

8.7.13(h) Output class controls shall prevent output migration. An output approved for one class shall not automatically be used in another class without reclassification, review, boundary treatment, and records-valid approval.

8.7.13(i) The controlling rule shall be that output classes must control how Truth Engine artifacts are used, by whom, for what purpose, under what boundary, and with what correction path.

***

8.7.14 Output Class Register and Public-Safe Output Catalogue.\
8.7.14(a) GCRI Canada shall maintain, or cause to be maintained, an Output Class Register for material Nexus Truth Engine outputs and may maintain a Public-Safe Output Catalogue for outputs approved for public-safe release.

8.7.14(b) The Output Class Register shall identify output title or identifier, output class, output form, purpose, audience, owner, custodian, steward, source records, method records, data class, evidence class, technology domain, risk domain, version, status, classification, access class, handling class, public-safe status, finance-safe status where material, public authority-facing status where material, GRF-facing status where material, GRA-facing status where material, Protocol Authority-facing status where material, provider-facing status where material, sponsor-facing status where material, host-facing status where material, community-facing status where material, confidence, uncertainty, limitations, permitted use, prohibited use, boundary language, review status, correction path, supersession path, withdrawal path, retraction path where applicable, archive path, and dependency links.

8.7.14(c) The Public-Safe Output Catalogue may identify public-safe reports, public-safe summaries, public dashboards, public maps, public-safe technical notes, public-safe glossaries, public-safe Academy materials, public-good software documentation, technical baseline summaries, public-safe correction notices, public-safe Observatory summaries, public-safe Truth Engine summaries, public-safe Docket summaries, public-safe Grid summaries, and public-safe Rails summaries.

8.7.14(d) The Public-Safe Output Catalogue shall not include restricted evidence, controlled annexes, personal information, rights-bearing data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, confidential source information, controlled technology, unsafe geospatial detail, or other material not approved for public-safe release.

8.7.14(e) Catalogue inclusion shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.7.14(f) Where an output in the Output Class Register or Public-Safe Output Catalogue is corrected, challenged, reclassified, restricted, superseded, withdrawn, retracted, downgraded, suspended, reinstated, retired, or archived, the register or catalogue shall be updated and affected downstream dependencies shall be reviewed.

8.7.14(g) The Output Class Register and Public-Safe Output Catalogue shall support auditability, public-safe legibility, controlled access, dependency tracking, interface assurance, correctionability, and institutional memory.

8.7.14(h) The controlling rule shall be that Truth Engine outputs must be catalogued by class because output meaning depends on class, audience, access, status, limitations, and correction path.

### 8.8 Truth Engine Output Limits

8.8.1 Truth Engine Outputs Do Not Create Official Truth by Default.\
8.8.1(a) Nexus Truth Engine outputs shall not create official truth, final truth, public-law truth, sovereign truth, regulatory truth, financial truth, market truth, recognition truth, certification truth, protocol truth, procurement truth, provider truth, sponsor truth, public warning truth, emergency-command truth, or execution truth by default.

8.8.1(b) Truth Engine outputs may structure evidence, compare sources, identify corroboration, identify contradiction, identify confidence, identify uncertainty, identify limitations, identify disputes, route evidence, support public-safe summaries, and trigger correction, but shall not become official determinations merely because they are method-supported, machine-assisted, dashboard-visible, publicly available, technically sophisticated, cryptographically anchored, widely cited, or incorporated into Nexus interfaces.

8.8.1(c) Official truth, where applicable, shall arise only through the proper authority, proper legal or institutional process, proper record, proper review, proper jurisdiction, proper audience, proper boundary language, and proper correction path of the competent actor. GCRI Canada shall not be deemed to create such official truth through Truth Engine outputs.

8.8.1(d) Truth Engine outputs shall preserve the distinction between evidence-supported statements, method-supported comparisons, confidence-supported inferences, public-safe summaries, controlled-room materials, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Observatory outputs, and legally or institutionally operative acts by other competent actors.

8.8.1(e) No person shall cite, market, describe, display, embed, route, summarize, translate, localize, or reuse a Truth Engine output as official truth beyond the output’s source records, method records, review status, confidence, uncertainty, limitations, audience, permitted use, prohibited use, public-safe status, and correction path.

8.8.1(f) Where a Truth Engine output is at risk of being perceived as official truth, GCRI Canada shall use boundary language, controlled vocabulary, public-safe explanation, class controls, audience controls, reclassification, restriction, correction, withdrawal, or reissue to preserve its evidence-supporting character.

8.8.1(g) Truth Engine outputs shall not become unchallengeable. Every material Truth Engine output shall remain reviewable, challengeable, correctable, supersession-aware, withdrawal-aware, retraction-aware where applicable, and archive-aware.

8.8.1(h) The controlling rule shall be that Truth Engine outputs support disciplined truth treatment but do not themselves create official truth by default.

***

8.8.2 Truth Engine Outputs Do Not Create Public Warnings.\
8.8.2(a) Nexus Truth Engine outputs shall not create public warnings, emergency alerts, evacuation instructions, public health warnings, public safety warnings, hazard warnings, infrastructure warnings, cybersecurity public alerts, community safety warnings, official risk notices, or other public-warning consequences by default.

8.8.2(b) Truth Engine outputs involving hazards, disasters, climate events, wildfire, flood, health-sensitive conditions, cyber incidents, infrastructure vulnerabilities, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, sensor readings, geospatial layers, Earth observation, satellite data, digital twins, dashboards, maps, risk indicators, resilience indicators, or public authority context shall remain evidence-supporting unless a competent public authority issues its own warning through its own lawful process and record.

8.8.2(c) Dashboard labels, map colors, heatmaps, scores, confidence bands, alert-like icons, signal indicators, degraded-mode indicators, resilience indicators, risk indicators, anomaly flags, or Truth Engine flags shall not be designed, displayed, or described in a manner that implies official public warning status.

8.8.2(d) Where public-safe outputs address hazard, risk, emergency, cyber, infrastructure, health, climate, disaster, public safety, or community safety topics, GCRI Canada shall include public warning boundary language where material and shall avoid language that directs public action as though issued by a competent public authority.

8.8.2(e) Truth Engine outputs may support public authority learning, public-safe interpretation, situational evidence, scenario learning, and downstream public authority review, but shall not replace official public warning processes.

8.8.2(f) Where a Truth Engine output is misread or used as an official public warning, GCRI Canada shall correct, clarify, relabel, restrict, withdraw, reissue, notify affected interfaces, or coordinate with competent public authorities where appropriate.

8.8.2(g) No urgency, crisis, emergency, public demand, media attention, sponsor request, provider request, public authority attendance, dashboard visibility, or technical confidence shall convert a Truth Engine output into a public warning by implication.

8.8.2(h) The controlling rule shall be that public warning authority remains with competent public authorities and is not created by Truth Engine evidence outputs.

***

8.8.3 Truth Engine Outputs Do Not Create Emergency Commands.\
8.8.3(a) Nexus Truth Engine outputs shall not create emergency commands, incident commands, operational commands, dispatch instructions, deployment instructions, evacuation instructions, rescue instructions, shelter instructions, supply instructions, logistics instructions, field-response instructions, public safety directives, utility directives, infrastructure-use directives, or emergency-control decisions by default.

8.8.3(b) Truth Engine outputs may support scenario learning, emergency-management learning, evidence literacy, technical literacy, public-safe interpretation, observability review, risk understanding, resilience planning, and public authority learning, but shall not command responders, operators, field teams, providers, hosts, public authorities, communities, utilities, National Companies, Project SPVs, or infrastructure actors.

8.8.3(c) Truth Engine outputs involving emergency-management evidence, sensor signals, public authority context, degraded-mode records, continuity indicators, dashboards, maps, geospatial outputs, cyber signals, AI-RAN signals, DePIN records, digital twins, or observability outputs shall include emergency-command boundary language where material.

8.8.3(d) GCRI Canada shall not allow Truth Engine outputs to be embedded in workflows, dashboards, APIs, playbooks, field tools, communications, maps, or controlled-room materials in a manner that causes automated or apparent emergency command by GCRI Canada.

8.8.3(e) Where a downstream public authority, emergency-management actor, host, operator, provider, National Company, Project SPV, or other lawful actor uses Truth Engine outputs to support its own emergency decisions, such decisions shall remain the downstream actor’s own decisions and shall not be attributed to GCRI Canada.

8.8.3(f) Where a Truth Engine output is misread or used as an emergency command, GCRI Canada shall correct, clarify, restrict, suspend, withdraw, reissue, disable access where appropriate, notify affected dependencies, and coordinate with competent actors where necessary to prevent harm.

8.8.3(g) Truth Engine outputs shall not create command authority through public visibility, technical sophistication, real-time display, high confidence, public authority participation, emergency context, or repeated use in exercises.

8.8.3(h) The controlling rule shall be that emergency command requires lawful command authority, and Truth Engine outputs shall not create such authority by default.

***

8.8.4 Truth Engine Outputs Do Not Create Public Authority Decisions.\
8.8.4(a) Nexus Truth Engine outputs shall not create public authority decisions, public adoption, official guidance, administrative determinations, public-sector approvals, public finance approvals, procurement approvals, regulatory positions, funding approvals, public policy decisions, public health orders, emergency decisions, enforcement decisions, permits, licenses, public service determinations, sovereign obligations, or public-law consequences by default.

8.8.4(b) Truth Engine outputs prepared for public authority learning shall be evidence-supporting, literacy-supporting, scenario-supporting, technical-supporting, and interpretation-supporting only. They shall not substitute for lawful public decision-making.

8.8.4(c) Public authority attendance, participation, data contribution, workshop comment, regulator-listening presence, public finance presence, emergency-management presence, procurement presence, agency reference, logo reference, title reference, quotation, photograph, jurisdiction reference, or public-sector data reference shall not convert a Truth Engine output into a public authority decision.

8.8.4(d) Truth Engine outputs shall preserve public authority capacity classification, permitted use, prohibited use, non-delegation language, non-endorsement language, non-reliance language where appropriate, public-safe status, access status, handling class, confidence, uncertainty, limitations, and correction path.

8.8.4(e) Where a public authority uses a Truth Engine output in its own lawful process, such use shall remain within that authority’s independent responsibility, legal duties, procedures, records, and accountability.

8.8.4(f) Truth Engine outputs shall not be described as public-authority-approved unless the competent public authority has separately taken a lawful, recorded act that creates such approval and the description has been reviewed for public-safe accuracy.

8.8.4(g) Where a Truth Engine output is misdescribed as a public authority decision, GCRI Canada shall correct, clarify, restrict, withdraw, reissue, require removal of misleading references, or notify relevant public authority interfaces where appropriate.

8.8.4(h) The controlling rule shall be that public authority remains with public authorities and shall not be created through Truth Engine evidence support.

***

8.8.5 Truth Engine Outputs Do Not Create Regulatory Approvals, Permits, Safe Harbors, Compliance Determinations, or Enforcement Positions.\
8.8.5(a) Nexus Truth Engine outputs shall not create regulatory approvals, permits, licenses, safe harbors, compliance determinations, enforcement positions, regulatory guidance, regulatory clearance, inspection outcomes, conformity with law, legal compliance status, or public-law permission by default.

8.8.5(b) Truth Engine outputs may support evidence literacy, regulatory-context learning, technical understanding, public-safe interpretation, standards-support evidence, and public authority learning, but shall not determine compliance with law, regulation, permit, license, public standard, enforcement obligation, or public duty.

8.8.5(c) Regulator-listening participation, regulator attendance, public authority review, public authority comment, technical workshop participation, public-sector data contribution, or public authority presence shall not create regulatory approval, safe harbor, compliance determination, enforcement position, official guidance, or public endorsement.

8.8.5(d) Truth Engine outputs shall not be used in public materials, provider materials, sponsor materials, National Company materials, Project SPV materials, procurement materials, investor materials, insurance materials, lending materials, or public claims to imply regulatory clearance or compliance status.

8.8.5(e) Where legal, regulatory, sanctions, export-control, data, privacy, cybersecurity, professional, public authority, controlled-technology, or public-sector sensitivity is implicated, Truth Engine outputs shall include appropriate legal and regulatory boundary language and may require legal or perimeter review.

8.8.5(f) Any regulated or public-law conclusion shall remain with competent public authorities, qualified professionals, regulated actors, or lawful decision-makers acting through their own authority and records.

8.8.5(g) Where a Truth Engine output is misused to imply regulatory approval, permit status, safe harbor, compliance determination, or enforcement position, GCRI Canada shall require correction, withdrawal, retraction, public-safe clarification, controlled notice, interface suspension, or other remedy as appropriate.

8.8.5(h) The controlling rule shall be that Truth Engine outputs may support regulatory literacy but shall not create regulatory effect.

***

8.8.6 Truth Engine Outputs Do Not Create Procurement Decisions, Vendor Awards, Provider Preferences, or Public Tender Advantages.\
8.8.6(a) Nexus Truth Engine outputs shall not create procurement decisions, vendor awards, provider preferences, preferred vendor status, tender prequalification, bid advantage, procurement ranking, public purchasing recommendation, public tender advantage, market allocation, or provider selection by default.

8.8.6(b) Truth Engine outputs involving provider tests, provider benchmarks, validation sprints, demonstrations, public-good software use, technical baseline alignment, dashboards, maps, Observatory outputs, evidence records, Evidence Packs, Decision Packs, Docket inputs, Grid inputs, public authority learning materials, or public-safe reports shall not be described as procurement approval or provider preference.

8.8.6(c) Provider participation, vendor contribution, repository contribution, technical centrality, system access, equipment support, data contribution, compute contribution, AI-RAN support, sensor support, dashboard support, cyber support, integration support, field support, event participation, Nexus Universe participation, sponsor relationship, public authority room participation, or public-safe publication mention shall not create procurement advantage.

8.8.6(d) Truth Engine outputs shall preserve provider neutrality, competition safety, conflict disclosure where material, benchmark limitations, method records, public-safe status, permitted use, prohibited use, and correction path.

8.8.6(e) Any procurement decision shall remain with the lawful procuring authority or purchasing actor through its own procurement rules, authority, records, fairness duties, competition obligations, and accountability.

8.8.6(f) Truth Engine outputs shall not be used in RFP responses, tender submissions, sales materials, provider websites, sponsor materials, National Company materials, Project SPV materials, public authority materials, investor materials, or media claims to imply GCRI Canada provider endorsement or procurement preference.

8.8.6(g) Where a Truth Engine output is misused to claim procurement advantage, vendor award, provider preference, tender status, or purchasing recommendation, GCRI Canada shall require correction, removal, withdrawal, retraction, public-safe clarification, controlled notice, access restriction, interface suspension, or other remedy as appropriate.

8.8.6(h) The controlling rule shall be that Truth Engine outputs may support evidence-based understanding of technologies but shall not select vendors or steer procurement.

***

8.8.7 Truth Engine Outputs Do Not Create Certification, Conformance, Nexus-Compatible Status, or Protocol Effect by Default.\
8.8.7(a) Nexus Truth Engine outputs shall not create certification, conformance determination, Nexus-compatible status, protocol effect, technical approval, security approval, safety approval, standards approval, role key, smart license, entitlement state, proof-receipt legal effect, external force, operational clearance, or protocol authority status by default.

8.8.7(b) Truth Engine outputs involving technical baselines, schemas, APIs, public-good software, test harnesses, evaluation harnesses, benchmark cards, system cards, model cards, proof-receipt logic, repository records, controlled vocabulary, ontology, conformance-supporting tools, or standards-support materials shall remain evidence and method support unless a competent Protocol Authority or certification actor separately creates a conformance or certification effect through proper record.

8.8.7(c) Technical authorship, method authorship, schema authorship, software maintenance, repository custody, benchmark support, evaluation support, standards-support work, or proof-receipt support by GCRI Canada shall not create certification, conformance, Nexus-compatible status, or protocol effect by implication.

8.8.7(d) Use of the terms “validated,” “verified,” “aligned,” “baseline,” “tested,” “benchmarked,” “Nexus,” “Nexus-compatible,” “conformance-supporting,” “protocol-ready,” “proof,” “receipt,” or equivalent terms shall be governed by controlled vocabulary and shall not be used to imply status beyond the proper record.

8.8.7(e) Truth Engine outputs shall include protocol-boundary language where material and shall distinguish evidence support, standards support, conformance support, public-good software support, proof support, and actual protocol effect.

8.8.7(f) Any certification, conformance, Nexus-compatible status, role key, smart license, proof-receipt effect, or protocol effect shall arise only through the competent actor’s proper authority, instrument, records, procedures, and boundary language.

8.8.7(g) Where a Truth Engine output is misused to imply certification, conformance, Nexus-compatible status, or protocol effect, GCRI Canada shall require correction, removal, withdrawal, retraction, public-safe clarification, controlled notice, interface suspension, or other remedy as appropriate.

8.8.7(h) The controlling rule shall be that Truth Engine outputs may support protocol discipline but do not create protocol authority by default.

***

8.8.8 Truth Engine Outputs Do Not Create GRF Recognition, Standing, Maturity, Claims Approval, or Public-Facing Legitimacy.\
8.8.8(a) Nexus Truth Engine outputs shall not create The Global Risks Forum (GRF) recognition, standing, maturity records, claims approval, stakeholder formation, public-facing legitimacy, registry status, public-safe reporting status, or public claim approval by default.

8.8.8(b) Truth Engine outputs prepared as GRF Input Outputs shall remain technical evidence, source comparison, confidence, uncertainty, dispute, correction, Docket, Grid, maturity-context, and claims-discipline support only.

8.8.8(c) GRF shall remain responsible for GRF recognition, standing, maturity records, claims discipline, stakeholder formation, public-facing legitimacy, public-safe reporting, registry status, and public claim approval through its own authority, procedures, records, and public-safe review.

8.8.8(d) A Truth Engine output shall not be described as GRF recognition merely because it is high-confidence, corroborated, public-safe, included in a GRF interface, incorporated into Docket or Grid materials, reviewed by GCRI Canada, visible in Nexus materials, or used to inform GRF processes.

8.8.8(e) Truth Engine outputs shall preserve recognition-boundary language where material and shall distinguish evidence support from GRF legitimacy functions.

8.8.8(f) Where a Truth Engine output is misused to imply GRF recognition, standing, maturity, claims approval, public-facing legitimacy, or public-safe reporting status, GCRI Canada shall coordinate correction with GRF where appropriate and require correction, withdrawal, retraction, public-safe clarification, controlled notice, or interface remedy as appropriate.

8.8.8(g) No sponsor, provider, host, public authority, National Company, Project SPV, capital reader, media actor, participant, or Nexus actor may use Truth Engine outputs to claim GRF status without GRF’s proper record.

8.8.8(h) The controlling rule shall be that GCRI Canada may support GRF legitimacy work with evidence, but only GRF may create GRF legitimacy status.

***

8.8.9 Truth Engine Outputs Do Not Create GRA Finance-Readiness, Investment Advice, Insurance Approval, Rating, Guarantee, Lending Decision, or Public Finance Approval.\
8.8.9(a) Nexus Truth Engine outputs shall not create The Global Risks Alliance (GRA) finance-readiness, capital-readiness, insurance-readiness, routeability, capital readability, investment advice, securities recommendation, brokerage, placement, finder activity, lending decision, underwriting decision, insurance approval, insurance placement, rating, guarantee, public finance approval, capital commitment, bankability, fundability, or financial suitability by default.

8.8.9(b) Truth Engine outputs prepared as GRA Input Outputs shall remain technical evidence, risk evidence, source comparison, confidence, uncertainty, dispute, correction, Proof Pack component, insurance-readiness input, capital-reader literacy input, RNFD input, NFD input, UNFSD input, and Rails handoff support only.

8.8.9(c) GRA shall remain responsible for any GRA finance-readiness, capital-readiness, insurance-readiness, capital readability, Proof Pack, capital-reader room, RNFD, NFD, UNFSD, or regulated-perimeter output through GRA’s own authority, procedures, records, review, and finance-safe boundary language.

8.8.9(d) Truth Engine outputs shall not be used in investor materials, insurance materials, lending materials, public finance materials, securities materials, National Company materials, Project SPV materials, provider materials, sponsor materials, pitch decks, capital-reader rooms, websites, media materials, or public claims to imply GCRI Canada financial advice, rating, guarantee, finance-readiness, public finance approval, or capital commitment.

8.8.9(e) Confidence scores, risk indicators, resilience indicators, Proof Pack components, host readiness evidence, node evidence, technical baselines, dashboards, maps, public-safe reports, and Rails outputs shall not be described as credit quality, insurance quality, investment quality, financial quality, public finance approval, or capital suitability.

8.8.9(f) Where a Truth Engine output is misused to imply finance-readiness, investment advice, insurance approval, rating, guarantee, lending decision, underwriting decision, public finance approval, bankability, fundability, or capital commitment, GCRI Canada shall coordinate correction with GRA where appropriate and require correction, withdrawal, retraction, public-safe clarification, controlled notice, access restriction, interface suspension, or other remedy as appropriate.

8.8.9(g) No capital reader, sponsor, provider, host, National Company, Project SPV, public authority, funder, donor, insurer, lender, underwriter, rating actor, media actor, or Nexus actor may use Truth Engine outputs to claim financial status or approval by GCRI Canada.

8.8.9(h) The controlling rule shall be that GCRI Canada may support finance-readiness discipline with evidence but shall not create finance-readiness or financial consequence.

***

8.8.10 Truth Engine Outputs Do Not Create National Company, Project SPV, Provider, Host, Sponsor, or Market Execution Consequence.\
8.8.10(a) Nexus Truth Engine outputs shall not create National Company authority, Project SPV authority, provider authority, host authority, sponsor authority, market authority, asset ownership, management authority, operational control, financing authority, contracting authority, procurement authority, delivery authority, infrastructure operation, revenue entitlement, guarantee, performance obligation, or execution consequence by default.

8.8.10(b) Truth Engine outputs may support evidence understanding, technical baseline interpretation, observability methods, public-safe outputs, confidence treatment, uncertainty treatment, correction routing, and boundary-safe handoff for National Companies, Project SPVs, providers, hosts, sponsors, and other enterprise-stack actors, but shall not execute or approve their downstream activities.

8.8.10(c) National Companies and Project SPVs shall remain separate actors responsible for their own corporate acts, contracts, financing, asset ownership, delivery, operations, compliance, public claims, liabilities, provider relationships, host relationships, public authority relationships, and execution decisions.

8.8.10(d) Providers shall not acquire endorsement, preferred status, procurement advantage, certification, recognition, finance-readiness, maturity, public authority approval, Nexus-compatible status, or market superiority merely by being referenced in, tested through, benchmarked by, supported by, integrated with, or visible in Truth Engine outputs.

8.8.10(e) Hosts shall not acquire control over GCRI Canada evidence, methods, outputs, publications, public authority access, provider access, finance-facing materials, technical baselines, or institutional meaning merely by providing facilities, data, infrastructure, context, staff time, testing access, community access, sensors, compute, network, convening, or in-kind support.

8.8.10(f) Sponsors, donors, and funders shall not acquire control over evidence, methods, publication timing, correction, dashboards, maps, technical baselines, public-safe outputs, public authority access, provider prominence, finance-facing outputs, Nexus meaning, or institutional truth merely by providing cash, grants, in-kind support, visibility, platform support, compute support, model access, or other resources.

8.8.10(g) Truth Engine outputs shall not be used to market, sell, finance, insure, underwrite, rate, procure, award, deploy, operate, certify, recognize, endorse, guarantee, or execute any project, technology, company, SPV, provider, host, sponsor, or market activity by implication.

8.8.10(h) Where a Truth Engine output is misused to create National Company, Project SPV, provider, host, sponsor, or market execution consequence, GCRI Canada shall require correction, withdrawal, retraction, removal of misleading references, public-safe clarification, controlled notice, interface suspension, contract remedy, or legal action where appropriate.

8.8.10(i) The controlling rule shall be that Truth Engine outputs may inform enterprise-stack actors only through public-good stack separation and shall never become enterprise execution by stealth.

***

8.8.11 Truth Engine Outputs Require Proper Role, Proper Record, Proper Review, Proper Audience, Proper Boundary, and Proper Correction Path.\
8.8.11(a) Every material Nexus Truth Engine output shall require proper role, proper record, proper review, proper audience, proper boundary, and proper correction path.

8.8.11(b) Proper role means that the output shall be created, reviewed, approved, released, routed, used, and corrected only by persons or systems acting within recorded authority, capacity, access, competence, and institutional boundary.

8.8.11(c) Proper record means that the output shall be linked, where material, to evidence records, source records, method records, dataset records, model records, inference records, observability records, ontology records, confidence records, uncertainty records, limitation records, public-safe records, output class records, dependency records, and correction records.

8.8.11(d) Proper review means that the output shall receive evidence, method, data, model, observability, ontology, public-safe, privacy, cybersecurity, AI, sovereign data, safeguards, public authority, finance, provider-neutrality, sponsor non-control, legal, interface, committee, officer, or Board review as required by risk, audience, classification, and output class.

8.8.11(e) Proper audience means that the output shall be used only by the audience for which it was classified and reviewed, including internal, controlled-room, public-safe, public authority learning, GRF-facing, GRA-facing, Protocol Authority-facing, Observatory-facing, Risk Management-facing, Rails-facing, Academy-facing, provider-facing, sponsor-facing, host-facing, community-facing, finance-facing, or public-facing audiences.

8.8.11(f) Proper boundary means that the output shall carry or be linked to boundary language sufficient to prevent certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.8.11(g) Proper correction path means that the output shall be capable of challenge, correction, confidence change, uncertainty change, reclassification, restriction, downgrade, suspension, reinstatement, supersession, withdrawal, retraction where applicable, retirement, archive, dependency review, and notice where appropriate.

8.8.11(h) Where any required element is missing, GCRI Canada shall hold, restrict, reclassify, correct, complete, reroute, downgrade, suspend, withdraw, or refuse the output until the defect is resolved or the output is safely bounded.

8.8.11(i) The controlling rule shall be that Truth Engine outputs are valid only through proper role, proper record, proper review, proper audience, proper boundary, and proper correction path.

***

8.8.12 Correction Where Truth Engine Outputs Are Overclaimed.\
8.8.12(a) GCRI Canada shall correct Truth Engine outputs, references, descriptions, dashboards, maps, APIs, datasets, reports, Evidence Packs, Decision Packs, technical annexes, public-safe summaries, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, Nexus materials, media materials, website materials, repository descriptions, and public claims where Truth Engine outputs are overclaimed.

8.8.12(b) Overclaim shall include any use or description that converts or appears to convert a Truth Engine output into official truth, public warning, emergency command, public authority decision, regulatory approval, permit, safe harbor, compliance determination, enforcement position, procurement decision, vendor award, provider preference, public tender advantage, certification, conformance, Nexus-compatible status, protocol effect, GRF recognition, GRF standing, GRF maturity, GRF claims approval, GRA finance-readiness, investment advice, insurance approval, rating, guarantee, lending decision, underwriting decision, public finance approval, National Company authority, Project SPV authority, provider endorsement, host approval, sponsor approval, market authority, operational clearance, or execution consequence.

8.8.12(c) Correction may include internal correction, public-safe correction notice, controlled correction notice, relabeling, revised boundary language, revised confidence treatment, revised uncertainty treatment, revised limitation statements, dashboard revision, map revision, API field revision, dataset revision, report revision, public-safe summary revision, access restriction, reclassification, downgrade, suspension, supersession, withdrawal, retraction, removal of marks or references, termination of misuse, interface suspension, contract remedy, or legal action where appropriate.

8.8.12(d) Where an overclaim originates with a sponsor, donor, funder, provider, vendor, contractor, host, capital reader, National Company, Project SPV, public authority participant, university, media actor, community actor, Nexus actor, director, officer, staff member, fellow, advisor, council member, participant, repository maintainer, AI-generated summary, dashboard label, public website, or third-party public claim, GCRI Canada shall apply a correction response proportionate to risk, reliance, audience, public visibility, and harm potential.

8.8.12(e) Where overclaim affects public authority meaning, finance-facing meaning, public warning meaning, emergency-command meaning, procurement meaning, certification meaning, recognition meaning, protocol meaning, provider meaning, sponsor meaning, community meaning, protected knowledge treatment, or public trust, GCRI Canada shall review downstream dependencies and determine whether notice, restriction, withdrawal, retraction, or escalation is required.

8.8.12(f) GCRI Canada shall not delay or avoid overclaim correction because the overclaim is reputationally beneficial, sponsor-favorable, provider-favorable, public authority-favorable, finance-facing, media-useful, event-useful, fundraising-useful, partnership-useful, or strategically convenient.

8.8.12(g) Corrected Truth Engine outputs shall preserve prior identity, correction history, supersession history, withdrawal or retraction status where applicable, affected dependencies, notice decisions, access limits, archive treatment, and future permitted use.

8.8.12(h) The controlling rule shall be that every Truth Engine overclaim must be corrected because uncorrected overclaim is how evidence infrastructure becomes unauthorized authority.

### 8.9 Truth Engine Auditability

8.9.1 Auditability as Mandatory Attribute of Material Truth Engine Use.\
8.9.1(a) GCRI Canada shall require auditability as a mandatory attribute of material Nexus Truth Engine use, including material source comparison, corroboration, contradiction handling, dispute handling, confidence scoring, uncertainty treatment, public-safe output generation, controlled-room output generation, dashboarding, mapping, API output, dataset output, Evidence Pack output, Decision Pack output, GRF input, GRA input, Protocol Authority input, public authority learning output, Observatory output, Risk Management output, Rails output, Academy output, and correction output.

8.9.1(b) Auditability shall mean that material Truth Engine inputs, methods, models, prompts where applicable, retrieval steps where applicable, human reviews, confidence changes, uncertainty changes, output versions, access events, controlled-room uses, corrections, supersessions, withdrawals, retractions, reclassifications, restrictions, releases, and archives can be identified, traced, reviewed, challenged, corrected, and explained within proper access limits.

8.9.1(c) Auditability shall be proportionate to risk, classification, data class, evidence class, technology domain, public-safe status, public authority relevance, finance relevance, provider relevance, sponsor relevance, protected knowledge relevance, community relevance, cybersecurity relevance, privacy relevance, sovereign data relevance, AI-use status, model-use status, and downstream dependency.

8.9.1(d) Auditability shall not require unsafe disclosure of personal information, rights-bearing data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, confidential sources, commercial sensitivity, finance-sensitive information, legal sensitivity, controlled technology, security controls, exploit details, or other restricted materials.

8.9.1(e) Where full audit detail cannot be publicly disclosed, GCRI Canada shall preserve controlled audit records and may issue public-safe assurance summaries that accurately describe audit posture without exposing restricted material or overstating assurance.

8.9.1(f) Truth Engine use that cannot be audited at a level proportionate to its risk shall be held, narrowed, restricted, reclassified, redesigned, corrected, suspended, withdrawn, or refused until adequate auditability is restored or a records-valid risk decision is made by competent authority.

8.9.1(g) Auditability shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.9.1(h) The controlling rule shall be that the Nexus Truth Engine may be trusted only to the extent its material uses can be traced, reviewed, challenged, corrected, and explained without compromising safety, privacy, security, sovereignty, protected knowledge, or lawful confidentiality.

***

8.9.2 Source Logs.\
8.9.2(a) GCRI Canada shall maintain, or cause to be maintained, source logs for material sources used in Nexus Truth Engine activities.

8.9.2(b) Source logs shall identify, where material, source title or identifier, source type, source origin, source owner where known, source custodian, source steward, contributor, provider where any, sponsor where any, host where any, public authority source status where any, community source status where any, Indigenous or protected knowledge status where any, source version, date received, date created, date accessed, source lineage, provenance, custody, permission status, lawful basis, license, consent or non-consent treatment where applicable, confidentiality status, public-safe status, access class, handling class, permitted use, prohibited use, and correction path.

8.9.2(c) Source logs may cover sensors, reference sensors, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, geospatial data, Earth observation data, satellite data, digital twins, simulations, model outputs, AI outputs, operator observations, public authority materials, community materials, Indigenous or local knowledge materials, university outputs, laboratory outputs, provider systems, sponsor-supplied data, host-supplied data, field evidence, public records, documentary records, historical records, and public claims.

8.9.2(d) Source logs shall distinguish original sources, derived sources, transformed sources, aggregated sources, summarized sources, translated sources, localized sources, AI-generated sources, model-generated sources, provider-supplied sources, sponsor-supplied sources, public authority sources, community sources, and restricted sources.

8.9.2(e) Source logs shall preserve sufficient information to support source comparison, confidence scoring, uncertainty treatment, limitation statements, public-safe review, controlled-room review, downstream dependency review, and correction.

8.9.2(f) Source logs shall not silently erase prior source status, disputed source status, superseded source status, withdrawn source status, retracted source status, restricted source status, or corrected source status except where legally required, privacy-protective, security-required, protected-knowledge-protective, or necessary to prevent harm.

8.9.2(g) Where a source log is corrected, challenged, reclassified, restricted, superseded, withdrawn, retracted, downgraded, suspended, reinstated, retired, or archived, affected Truth Engine outputs and downstream dependencies shall be reviewed.

8.9.2(h) The controlling rule shall be that source logs are the first audit layer of the Truth Engine because outputs cannot be trusted if their sources cannot be traced.

***

8.9.3 Data Lineage Logs.\
8.9.3(a) GCRI Canada shall maintain, or cause to be maintained, data lineage logs for material data used, transformed, processed, summarized, modeled, embedded, retrieved, displayed, published, restricted, corrected, superseded, withdrawn, retired, or archived in connection with Nexus Truth Engine activities.

8.9.3(b) Data lineage logs shall identify dataset title or identifier, data source, source record, owner where known, custodian, steward, contributor, version, date range, geography or safe location treatment, collection method, data class, evidence class, technology domain, purpose, lawful basis or authority to use where applicable, permissions, licenses, consent or non-consent treatment where applicable, public authority restrictions, community restrictions, protected knowledge status, privacy status, cybersecurity status, sovereign data status, AI-use status, training-use status, embedding-use status, retrieval-use status, transfer status, publication status, retention status, and correction path.

8.9.3(c) Data lineage logs shall record material transformations, including cleaning, filtering, normalization, aggregation, de-identification, pseudonymization, anonymization where applicable, redaction, geospatial masking, safe-location treatment, linkage, enrichment, derivation, embedding, feature extraction, model input preparation, model output generation, dashboard rendering, map rendering, API output, and public-safe summarization.

8.9.3(d) Data lineage logs shall identify transformation actor, tool or system used, method version, model version where any, script or workflow identifier where any, date, inputs, outputs, assumptions, exclusions, quality checks, errors, missingness, limitations, validation status, public-safe status, and affected dependencies.

8.9.3(e) Data lineage logs shall support review of data quality, completeness, timeliness, representativeness, known gaps, bias, uncertainty, calibration where applicable, fitness for purpose, de-identification status where any, re-identification risk, inference risk, public-safe status, and correction path.

8.9.3(f) Data lineage logs involving personal information, rights-bearing data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or local knowledge, protected knowledge, finance-sensitive data, commercially sensitive data, or controlled technology shall be subject to heightened access, privacy, cybersecurity, sovereign data, public-safe, and safeguards controls.

8.9.3(g) Where data lineage is incomplete, broken, uncertain, corrupted, disputed, unauthorized, unsafe, or not fit for purpose, affected Truth Engine uses shall be held, qualified, restricted, corrected, downgraded, superseded, withdrawn, or reviewed as appropriate.

8.9.3(h) The controlling rule shall be that data becomes evidence only through traceable lineage, lawful handling, method discipline, and correctionability.

***

8.9.4 Method Logs.\
8.9.4(a) GCRI Canada shall maintain, or cause to be maintained, method logs for material Truth Engine methods created, adopted, adapted, tested, applied, published in public-safe form, taught, embedded in public-good software, incorporated into technical baselines, corrected, superseded, withdrawn, retired, or archived.

8.9.4(b) Method logs shall identify method title or identifier, method purpose, scope, owner, custodian, steward, proposer, source, version, effective date, status, evidence categories affected, technology domains affected, data classes affected, output classes affected, assumptions, limits, inputs, outputs, dependencies, exclusions, public-safe status, access status, review status, permitted use, prohibited use, correction path, supersession path, withdrawal path, retirement path, and archive path.

8.9.4(c) Method logs shall cover, where material, source comparison methods, corroboration methods, contradiction methods, dispute methods, confidence scoring methods, uncertainty treatment methods, limitation statement methods, public-safe output methods, dashboard methods, map methods, AI-assisted retrieval methods, AI-assisted classification methods, model evaluation methods, benchmark methods, observability methods, evidence routing methods, dependency tracking methods, correction methods, and interface methods.

8.9.4(d) Method logs shall identify method applications, including the evidence records, datasets, models, observability records, outputs, Evidence Packs, Decision Packs, dashboards, maps, reports, APIs, GRF inputs, GRA inputs, Protocol Authority inputs, public authority learning outputs, public-safe outputs, controlled-room outputs, and public claims to which the method was applied.

8.9.4(e) Method logs shall preserve method-change history, including method correction, recalibration, revalidation, restriction, deprecation, supersession, withdrawal, retirement, archive, and affected-output review.

8.9.4(f) Method logs shall identify AI use, model use, automated scoring, statistical weighting, dashboard rules, threshold rules, retrieval rules, public-safe release rules, controlled-room release rules, finance-boundary rules, public authority boundary rules, provider-neutrality rules, sponsor non-control rules, and human review requirements where material.

8.9.4(g) Where a method log reveals unregistered method use, method drift, method misuse, method overclaim, method conflict, method uncertainty, method defect, or method dependency failure, affected outputs shall be reviewed and routed for correction, restriction, downgrade, supersession, withdrawal, retraction, training update, method update, or assurance review.

8.9.4(h) The controlling rule shall be that method logs make institutional reasoning reviewable; without them, outputs become unsupported assertion.

***

8.9.5 Model Logs.\
8.9.5(a) GCRI Canada shall maintain, or cause to be maintained, model logs for material models used in Nexus Truth Engine activities, including AI models, machine learning models, statistical models, foundation models, generative models, agentic AI systems, retrieval models, classification models, risk models, climate models, disaster models, wildfire models, flood models, biodiversity models, digital twin models, simulation models, scenario models, cyber models, geospatial models, sensor fusion models, AI-RAN signal models, finance-facing evidence models where any, and public-safe communication models.

8.9.5(b) Model logs shall identify model title or identifier, model type, owner where known, custodian, steward, source, version, provider where any, developer where any, purpose, scope, training status, fine-tuning status, embedding status, retrieval status, inference status, deployment status, access status, public-safe status, AI-use status, data inputs, permitted use, prohibited use, model card where any, system card where any, dataset dependencies, benchmark dependencies, evaluation records, inference records, human review requirements, confidence treatment, uncertainty treatment, limitations, bias risks, drift risks, hallucination risks, cybersecurity risks, privacy risks, sovereign data risks, protected knowledge risks, public authority risks, finance risks, procurement risks, correction path, supersession path, withdrawal path, retirement path, and archive path.

8.9.5(c) Model logs shall identify material model uses, including retrieval, summarization, classification, source comparison, entity resolution, anomaly detection, contradiction detection, confidence scoring, uncertainty explanation, dashboard generation, map generation, public-safe drafting, translation support, routing support, correction workflow support, and evidence-pack or decision-pack support.

8.9.5(d) Model logs shall identify evaluation status, benchmark conditions, test records, validation-sprint records, performance limits, reproducibility status, known failure modes, input constraints, output constraints, prompt-injection risks, data leakage risks, unauthorized retrieval risks, tool-use risks, agentic overreach risks, and safety controls.

8.9.5(e) Model logs shall not be used to imply that a model output is validated, certified, recognized, finance-ready, public-authority-approved, procurement-approved, provider-endorsed, sponsor-approved, protocol-effective, operationally cleared, guaranteed, or execution-ready.

8.9.5(f) Where a model is corrected, updated, re-evaluated, reclassified, restricted, drift-affected, bias-affected, hallucination-affected, privacy-affected, cyber-affected, superseded, withdrawn, retired, or archived, affected Truth Engine outputs and downstream dependencies shall be reviewed.

8.9.5(g) Where model use cannot be adequately logged without exposing restricted material, GCRI Canada shall preserve controlled model logs and may provide public-safe model-use summaries where appropriate.

8.9.5(h) The controlling rule shall be that models may assist Truth Engine reasoning only where model identity, purpose, limits, evaluation, use, and correction path are auditable.

***

8.9.6 Prompt / Query / Retrieval Logs Where Applicable.\
8.9.6(a) GCRI Canada shall maintain, or cause to be maintained, prompt, query, and retrieval logs where such logs are material to understanding, reviewing, challenging, correcting, reproducing, or safely explaining Nexus Truth Engine outputs.

8.9.6(b) Prompt logs may identify prompt or instruction category, system instruction category, user instruction category where appropriate and safe, prompt version, prompt purpose, model used, input class, access class, handling class, public-safe status, prohibited input class, prohibited output class, human review requirement, and correction path.

8.9.6(c) Query logs may identify query title or identifier, query purpose, data sources searched, search scope, filters, time frame, ontology terms, controlled vocabulary terms, retrieval method, access status, public-safe status, reviewer, date, and output relationship.

8.9.6(d) Retrieval logs may identify retrieved records, record versions, source repositories, retrieval method, ranking or selection method where material, excluded sources where material, missing sources where material, access controls, classification filters, public-safe filters, AI-use restrictions, and dependency links.

8.9.6(e) Prompt, query, and retrieval logs shall be proportionate and shall not retain personal information, rights-bearing data, protected knowledge, confidential source information, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, finance-sensitive information, privileged information, or controlled technology beyond lawful, necessary, secure, and purpose-bound limits.

8.9.6(f) Where full prompt, query, or retrieval logging would create privacy, cybersecurity, protected knowledge, public authority, legal, privilege, security, or safety risk, GCRI Canada may use redacted, summarized, hashed, controlled, or access-restricted logs sufficient to preserve auditability without unsafe exposure.

8.9.6(g) Prompt, query, and retrieval logs shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.9.6(h) The controlling rule shall be that prompts, queries, and retrieval steps should be auditable where they affect output meaning, but logging itself must remain privacy-preserving, security-aware, and public-safe.

***

8.9.7 Reviewer Logs.\
8.9.7(a) GCRI Canada shall maintain, or cause to be maintained, reviewer logs for material human review of Nexus Truth Engine inputs, methods, model uses, source comparisons, confidence scores, uncertainty treatments, limitations, public-safe outputs, controlled-room outputs, dashboards, maps, reports, APIs, Evidence Packs, Decision Packs, GRF inputs, GRA inputs, Protocol Authority inputs, public authority learning outputs, Observatory outputs, Risk Management outputs, Rails outputs, Academy outputs, corrections, supersessions, withdrawals, retractions, reclassifications, and archives.

8.9.7(b) Reviewer logs shall identify reviewer role, reviewer authority, reviewer competence, reviewer access authority, review scope, review type, review method, review date, evidence reviewed, method reviewed, model reviewed, data reviewed, output reviewed, conflict status, independence status where material, dissent where any, limitation where any, approval where any, escalation pathway, and closeout requirement.

8.9.7(c) Reviewer logs shall distinguish evidence steward review, method steward review, data steward review, model steward review, observability steward review, ontology review, controlled vocabulary review, public-safe publication review, privacy review, cybersecurity review, AI review, sovereign data review, safeguards review, Indigenous or protected knowledge review, public authority boundary review, finance boundary review, provider-neutrality review, sponsor non-control review, competition review, legal review, interface review, committee review, officer review, Board review, and external expert review where applicable.

8.9.7(d) Reviewer logs shall record material dissent, unresolved concerns, scope limitations, excluded materials, missing review inputs, time constraints, access constraints, reviewer conflicts, reviewer recusals, and conditions attached to approval.

8.9.7(e) Reviewer logs shall not be used to imply that review equals certification, recognition, finance-readiness, public authority approval, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence.

8.9.7(f) Where reviewer logs involve sensitive personnel information, protected participation, confidential sources, public authority restricted materials, privileged materials, Indigenous or protected knowledge, cyber-sensitive materials, or legal sensitivity, access shall be limited to authorized persons under appropriate handling controls.

8.9.7(g) Where a reviewer log is corrected, challenged, reclassified, restricted, superseded, withdrawn, or archived, affected outputs and approvals shall be reviewed.

8.9.7(h) The controlling rule shall be that human review must be visible enough to support accountability and bounded enough to protect safety, confidentiality, independence, and lawful review.

***

8.9.8 Confidence Change Logs.\
8.9.8(a) GCRI Canada shall maintain, or cause to be maintained, confidence change logs for material confidence scores, confidence bands, confidence labels, confidence notes, confidence indicators, confidence thresholds, and confidence-related output states used in Nexus Truth Engine activities.

8.9.8(b) Confidence change logs shall identify the affected record or output, prior confidence status, new confidence status, confidence method, method version, reason for change, source of change, reviewer, approving actor where required, date, effective date, evidence affected, methods affected, data affected, models affected, observability affected, public-safe effect, finance-safe effect where material, public authority effect where material, provider effect where material, sponsor effect where material, community effect where material, protected knowledge effect where material, affected dependencies, notice decision, and correction path.

8.9.8(c) Confidence change logs shall distinguish increase, decrease, qualification, downgrade, suspension, reinstatement, correction, recalibration, reclassification, supersession, withdrawal, retraction, retirement, archive, and no-change determinations.

8.9.8(d) Confidence increases shall identify the additional basis for increased confidence and shall not be made merely because an output has become more visible, sponsor-supported, provider-promoted, public authority-attended, finance-facing, media-facing, dashboard-displayed, repeated in public materials, or incorporated into Nexus interfaces.

8.9.8(e) Confidence decreases shall identify the basis for reduced confidence and shall not be suppressed because of reputational concern, sponsor concern, provider concern, public authority concern, capital-reader concern, media concern, program deadlines, event timing, or public visibility.

8.9.8(f) Where confidence changes affect public-safe outputs, dashboards, maps, Evidence Packs, Decision Packs, GRF inputs, GRA inputs, Protocol Authority inputs, public authority learning outputs, Observatory outputs, Risk Management outputs, Rails outputs, Academy outputs, technical baselines, public-good software, provider materials, sponsor materials, host materials, community-facing materials, or public claims, downstream dependency review shall be conducted.

8.9.8(g) Confidence change logs shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.9.8(h) The controlling rule shall be that confidence changes must be logged because confidence without change history cannot be audited, trusted, or corrected.

***

8.9.9 Output Version Logs.\
8.9.9(a) GCRI Canada shall maintain, or cause to be maintained, output version logs for material Nexus Truth Engine outputs, including internal evidence outputs, controlled-room outputs, public-safe outputs, public authority learning outputs, GRF input outputs, GRA input outputs, Protocol Authority input outputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, Academy and training outputs, dashboards, maps, reports, APIs, datasets, Evidence Packs, Decision Packs, technical annexes, public-good software outputs, technical baselines, and correction notices.

8.9.9(b) Output version logs shall identify output title or identifier, output class, output form, version number or identifier, prior version, superseding version, effective date, release date where any, status, owner, custodian, steward, reviewer, approving actor where applicable, source records, method records, data dependencies, model dependencies, observability dependencies, ontology dependencies, confidence status, uncertainty status, limitation status, public-safe status, access class, handling class, permitted use, prohibited use, boundary language, and correction path.

8.9.9(c) Output version logs shall record material changes, including changes to sources, data, methods, models, confidence, uncertainty, limitations, public-safe classification, access class, handling class, boundary language, audience, permitted use, prohibited use, dashboard design, map design, API schema, dataset fields, evidence dependencies, and correction status.

8.9.9(d) Outputs shall not be silently overwritten where material meaning, status, classification, confidence, uncertainty, limitations, boundary language, audience, permitted use, prohibited use, or downstream dependency changes. Prior versions shall be preserved according to applicable retention, archive, security, privacy, public authority, protected knowledge, and legal requirements.

8.9.9(e) Where a version change corrects, supersedes, withdraws, retracts, restricts, downgrades, suspends, reinstates, retires, or archives an output, the output version log shall link to the relevant correction, supersession, withdrawal, retraction, reclassification, suspension, reinstatement, retirement, or archive record.

8.9.9(f) Output version logs shall support downstream dependency review by identifying which versions were used in which Evidence Packs, Decision Packs, dashboards, maps, reports, APIs, GRF inputs, GRA inputs, Protocol Authority inputs, public authority learning outputs, Observatory outputs, Risk Management outputs, Rails outputs, Academy outputs, provider materials, sponsor materials, host materials, community-facing materials, public-safe publications, public claims, or interface records.

8.9.9(g) Output version logs shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.9.9(h) The controlling rule shall be that output versions must be logged because public-good truth changes through traceable versioning, not silent replacement.

***

8.9.10 Access Logs and Controlled-Room Logs.\
8.9.10(a) GCRI Canada shall maintain, or cause to be maintained, access logs and controlled-room logs for material Nexus Truth Engine systems, outputs, repositories, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, technical annexes, public authority rooms, finance-safe rooms, evidence rooms, clean rooms, cyber rooms, safeguards rooms, protected knowledge rooms, and other restricted environments.

8.9.10(b) Access logs shall identify, where appropriate and lawful, user or actor identity, role, organization, capacity, access authority, access date, access time, resource accessed, output version accessed, access method, access purpose, access class, handling class, export activity, download activity, API-call activity, dashboard-view activity, map-view activity, modification activity, citation activity, sharing activity, and denied access attempts where material.

8.9.10(c) Controlled-room logs shall identify room purpose, room custodian, host where any, sponsor where any, authorized participants, participant roles, capacity classification, access conditions, confidentiality terms, data classes, evidence classes, output classes, AI-use rules, recording rules, export rules, citation rules, redistribution rules, public-safe summary rules, permitted use, prohibited use, boundary language, closeout condition, and correction path.

8.9.10(d) Access logs and controlled-room logs shall be designed to preserve privacy, cybersecurity, protected participation, public authority restrictions, sovereign data controls, protected knowledge safeguards, confidential source protection, privilege, legal sensitivity, and do-no-harm obligations.

8.9.10(e) Access logs shall not be used for retaliation, improper surveillance, improper public authority disclosure, sponsor monitoring, provider monitoring beyond proper audit need, labor control, political targeting, community targeting, or any use inconsistent with GCRI Canada’s public-benefit purpose and legal obligations.

8.9.10(f) Where unauthorized access, improper export, improper disclosure, improper AI use, improper screenshotting, improper redistribution, improper citation, access anomaly, controlled-room breach, credential compromise, or other access integrity issue is detected, GCRI Canada shall route the matter to cybersecurity review, privacy review, safeguards review, public authority review where applicable, legal review, correction, notice, restriction, suspension, termination, or incident response as appropriate.

8.9.10(g) Access logs and controlled-room logs shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.9.10(h) The controlling rule shall be that access to Truth Engine outputs must be auditable because control over who saw, used, changed, exported, or relied upon evidence is part of evidence integrity.

***

8.9.11 Correction, Supersession, Withdrawal, Retraction, Reclassification, and Archive Logs.\
8.9.11(a) GCRI Canada shall maintain, or cause to be maintained, correction, supersession, withdrawal, retraction, reclassification, restriction, downgrade, suspension, reinstatement, retirement, and archive logs for material Nexus Truth Engine records and outputs.

8.9.11(b) Correction logs shall identify affected record or output, correction type, source of correction, challenger where appropriate and safe, reviewer, approving actor where applicable, prior status, corrected status, reason, evidence basis, method basis, classification effect, confidence effect, uncertainty effect, public-safe effect, finance-safe effect where material, public authority effect where material, provider effect where material, sponsor effect where material, community effect where material, protected knowledge effect where material, affected dependencies, notice decision, closeout requirements, and archive treatment.

8.9.11(c) Supersession logs shall identify prior record or output, superseding record or output, supersession basis, effective date, scope of replacement, continuing validity where any, discontinued reliance where any, affected audiences, affected downstream uses, correction notices, and archive treatment.

8.9.11(d) Withdrawal logs shall identify record or output withdrawn, reason for withdrawal, effective date, scope of withdrawal, prohibited continued uses, affected dependencies, notice requirements, archive status, public-safe status, controlled access status, and replacement status where any.

8.9.11(e) Retraction logs shall identify public or material claim retracted, reason for retraction, prior public meaning, corrected public meaning where any, effective date, affected audiences, affected dependencies, public-safe notice, controlled notice, archive status, and future citation restrictions.

8.9.11(f) Reclassification logs shall identify prior classification, new classification, reason, effective date, access effect, handling effect, public-safe effect, finance-safe effect where material, public authority-facing effect where material, provider-facing effect where material, sponsor-facing effect where material, community-facing effect where material, protected knowledge effect where material, and affected dependencies.

8.9.11(g) Archive logs shall preserve identity, version history, review history, correction history, status history, dependency links, access restrictions, retention basis, public-safe status, withdrawal or retraction status, and future retrieval limits.

8.9.11(h) Logs under this section shall not silently delete, overwrite, or obscure prior institutional history except where legally required or necessary to protect persons, communities, public authorities, privacy, cybersecurity, protected knowledge, lawful confidentiality, privilege, or safety.

8.9.11(i) Logs under this section shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.9.11(j) The controlling rule shall be that Truth Engine auditability requires records not only of what was produced, but of how it changed, why it changed, who reviewed the change, what reliance was affected, and how institutional memory was preserved.

***

8.9.12 Audit Sampling, Independent Review, Board / Committee Reporting, and Public-Safe Assurance Summaries.\
8.9.12(a) GCRI Canada shall maintain, or cause to be maintained, audit sampling, independent review, Board or committee reporting, and public-safe assurance summary practices for material Nexus Truth Engine use.

8.9.12(b) Audit sampling may review source logs, data lineage logs, method logs, model logs, prompt logs where applicable, query logs, retrieval logs, reviewer logs, confidence change logs, output version logs, access logs, controlled-room logs, correction logs, dependency logs, public-safe output records, Evidence Pack records, Decision Pack records, dashboard records, map records, API records, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, and public claims records.

8.9.12(c) Audit sampling shall be risk-based and may prioritize high-consequence outputs, public-safe outputs, public authority learning outputs, finance-facing outputs, GRF inputs, GRA inputs, Protocol Authority inputs, public dashboards, public maps, controlled-room materials, AI-assisted outputs, model-dependent outputs, sponsor-supported outputs, provider-involved outputs, public claims, disputed outputs, corrected outputs, withdrawn outputs, retracted outputs, and outputs with significant downstream dependencies.

8.9.12(d) Independent review may be used where material risk involves public trust, public-safe publication, public authority boundary, finance boundary, provider neutrality, sponsor non-control, privacy, cybersecurity, sovereign data, protected knowledge, Indigenous or community safeguards, AI governance, model governance, high-consequence uncertainty, major public claims, systemic correction failure, or board-level concern.

8.9.12(e) Board or committee reporting shall be required where audit findings involve constitutional invariants, mission lock, non-execution, legal separateness, public-good stack discipline, public authority boundary, finance boundary, major data risk, major AI risk, major cybersecurity risk, major safeguards risk, public-facing overclaim, sponsor or provider influence, systemic audit failure, systemic correction failure, material public reliance, or high-consequence downstream dependency.

8.9.12(f) Public-safe assurance summaries may describe audit scope, audit period, categories reviewed, general assurance posture, correction posture, public-safe publication posture, method integrity posture, register integrity posture, interface integrity posture, material improvement priorities, and corrective action progress, provided that restricted details are not disclosed and assurance is not overstated.

8.9.12(g) Audit findings may require corrective action plans, training updates, method updates, model updates, repository updates, dashboard updates, map updates, access changes, controlled-room changes, public-safe correction notices, controlled notices, public authority clarification, finance-boundary clarification, provider-neutrality corrections, sponsor non-control corrections, interface revisions, Board action, or suspension of affected Truth Engine uses.

8.9.12(h) Audit, independent review, Board reporting, committee reporting, and public-safe assurance summaries shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.9.12(i) The controlling rule shall be that Truth Engine auditability must be periodically tested, independently reviewed where risk requires, reported to governance where material, and summarized publicly only in a manner that strengthens trust without creating unsafe reliance or unauthorized authority.

### 8.10 Verifiable Compute Purpose

8.10.1 Verifiable Compute as Evidence-Linked, Permissioned, Logged, Scoped, Secured, Auditable, Public-Safe, and Correctionable Compute Practice.\
8.10.1(a) GCRI Canada may steward Verifiable Compute as an evidence-linked, permissioned, logged, scoped, secured, auditable, public-safe, and correctionable compute practice within its public-benefit, non-executing, evidence-and-methods mandate.

8.10.1(b) Verifiable Compute shall mean compute activity whose purpose, authority, inputs, data classes, evidence classes, methods, models, tools, systems, permissions, access controls, runtime context where material, outputs, logs, limitations, public-safe status, dependencies, and correction path are recorded or capable of being established through an equivalent records-valid system.

8.10.1(c) Verifiable Compute may support data-to-evidence conversion, source comparison, confidence scoring, uncertainty treatment, model evaluation, simulation, digital twin analysis, geospatial analysis, sensor fusion, cyber analysis, benchmark analysis, evidence pack generation, decision pack generation, public-safe summarization, dashboard generation, map generation, public-good software testing, technical baseline support, and correction workflows.

8.10.1(d) Verifiable Compute shall be permissioned. No compute activity shall be treated as Verifiable Compute unless the data, models, systems, repositories, APIs, tools, credentials, environments, and outputs used in the activity are accessed and processed within recorded authority, lawful basis where applicable, permitted-use limits, prohibited-use limits, access controls, handling classes, and security controls.

8.10.1(e) Verifiable Compute shall be scoped. Each material compute activity shall identify the evidence question, method purpose, system purpose, permitted inputs, prohibited inputs, permitted outputs, prohibited outputs, intended audience, excluded use, public-safe status, controlled-room status where applicable, and downstream dependency implications.

8.10.1(f) Verifiable Compute shall be secured. Compute environments, repositories, tools, models, datasets, credentials, logs, secrets, outputs, and dependencies shall be protected through cybersecurity controls proportionate to risk, including identity, access, least privilege, segmentation, encryption where appropriate, logging, vulnerability management, repository security, build and release controls, and incident handling.

8.10.1(g) Verifiable Compute shall be correctionable. Where compute inputs, methods, models, permissions, outputs, logs, dependencies, security status, public-safe status, or boundary language are corrected, challenged, reclassified, restricted, superseded, withdrawn, retired, or archived, affected downstream records and outputs shall be reviewed.

8.10.1(h) The controlling rule shall be that compute is verifiable only where it can be linked to evidence, authorized by record, bounded by purpose, secured by controls, audited through logs, interpreted through limitations, and corrected when the record changes.

***

8.10.2 Verifiable Compute as Support for Evidence Integrity, Not Execution Authority.\
8.10.2(a) Verifiable Compute shall support evidence integrity and shall not create execution authority, operational authority, infrastructure authority, public authority, market authority, procurement authority, finance authority, certification authority, recognition authority, protocol authority, provider authority, sponsor authority, or emergency-command authority by default.

8.10.2(b) Verifiable Compute may strengthen evidence integrity by making computational steps traceable, repeatable where appropriate, reviewable, challengeable, secured, permissioned, limitation-aware, and correctionable.

8.10.2(c) Verifiable Compute shall not operate, manage, control, deploy, finance, insure, underwrite, procure, certify, recognize, approve, rate, guarantee, command, warn, regulate, enforce, or execute any technology, system, infrastructure, project, National Company, Project SPV, provider, host, public authority action, market activity, or public safety action by default.

8.10.2(d) Compute logs, reproducibility records, benchmark records, model evaluations, simulation outputs, digital twin outputs, proof receipts, hashes, cryptographic attestations, audit trails, trusted execution records, signatures, repository records, or system cards shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.10.2(e) Where a downstream actor uses Verifiable Compute outputs in its own decision-making, financing, procurement, public authority process, protocol process, recognition process, operational process, or execution process, such use shall remain the downstream actor’s own use within its own authority, procedures, records, duties, and liabilities.

8.10.2(f) GCRI Canada shall not describe Verifiable Compute as making a project, provider, technology, model, infrastructure, dataset, system, benchmark, public authority output, finance-facing output, or Nexus output approved, certified, finance-ready, safe, compliant, public-authority-adopted, guaranteed, or execution-ready.

8.10.2(g) Where Verifiable Compute is misread or misused as execution authority, GCRI Canada shall correct, relabel, restrict, withdraw, reissue, suspend access, notify affected dependencies, or require removal of misleading references as appropriate.

8.10.2(h) The controlling rule shall be that Verifiable Compute may make computation more trustworthy as evidence support, but shall not make GCRI Canada an execution actor.

***

8.10.3 Verifiable Compute as Support for Nexus Truth Engine, Nexus Observatory, Public-Good Software, Open Technical Baselines, Secure Research, and Public-Safe Intelligence.\
8.10.3(a) GCRI Canada may use Verifiable Compute to support the Nexus Truth Engine, Nexus Observatory, public-good software, open technical baselines, secure research, public-safe intelligence, evidence methods, observability methods, ontology methods, confidence methods, uncertainty methods, correction methods, and public-safe publication methods.

8.10.3(b) Verifiable Compute may support the Nexus Truth Engine by enabling auditable source comparison, confidence scoring, uncertainty treatment, contradiction detection, dispute handling, retrieval governance, AI-assisted summarization, model evaluation, inference logging, benchmark testing, public-safe output generation, and correction workflows.

8.10.3(c) Verifiable Compute may support the Nexus Observatory by enabling auditable processing of sensor evidence, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, geospatial data, Earth observation, satellite data, digital twin assumptions, dashboard outputs, map outputs, degraded-mode records, resilience indicators, continuity signals, and public-safe Observatory summaries.

8.10.3(d) Verifiable Compute may support public-good software and open technical baselines by enabling secure build, test, validation, benchmark, dependency review, release notes, reproducibility records where appropriate, vulnerability review, model review, API review, schema review, and correction records.

8.10.3(e) Verifiable Compute may support secure research by enabling controlled environments, controlled datasets, lawful research processing, reproducible analysis where appropriate, privacy-preserving computation, compute-to-data approaches, secure collaboration, access logging, and public-safe publication review.

8.10.3(f) Verifiable Compute may support public-safe intelligence by converting restricted or sensitive computation into bounded, redacted, aggregated, generalized, classified, controlled, or public-safe outputs without unsafe disclosure.

8.10.3(g) Support under this section shall preserve non-execution, legal separateness, public-good stack discipline, enterprise-stack separation, public authority boundaries, finance boundaries, provider neutrality, sponsor non-control, privacy, cybersecurity, sovereign data, protected knowledge safeguards, public-safe publication, validity-by-record, and correctionability.

8.10.3(h) The controlling rule shall be that Verifiable Compute supports Nexus public-good truth infrastructure only where compute activity remains records-valid, bounded, secured, public-safe, and non-executing.

***

8.10.4 Verifiable Compute as Distinct From Cloud Operation, Infrastructure Operation, Public Authority Operation, Licensed Market Infrastructure, or Execution Platform by GCRI Canada.\
8.10.4(a) Verifiable Compute shall be distinct from cloud operation, infrastructure operation, telecommunications operation, AI-RAN operation, O-RAN operation, DePIN operation, digital infrastructure operation, public authority operation, emergency-management operation, licensed market infrastructure, regulated financial infrastructure, procurement platform operation, commercial marketplace operation, or execution platform operation by GCRI Canada.

8.10.4(b) GCRI Canada may use or steward methods for compute environments, cloud services, secure repositories, clean rooms, data rooms, trusted execution environments, secure research environments, sandbox environments, dashboards, maps, APIs, public-good software, and technical baselines, but such use or stewardship shall not make GCRI Canada the operator of the underlying infrastructure unless expressly and lawfully recorded within its non-executing mandate and permitted boundaries.

8.10.4(c) Verifiable Compute shall not be described as a managed cloud service, infrastructure-as-a-service, regulated platform, licensed exchange, clearing system, payment system, securities system, insurance system, credit system, public finance system, public authority system, emergency command system, public warning system, procurement system, operational technology system, or commercial deployment platform by GCRI Canada.

8.10.4(d) Where compute infrastructure is provided by cloud providers, universities, hosts, public authorities, providers, sponsors, National Companies, Project SPVs, laboratories, or other actors, GCRI Canada’s Verifiable Compute role shall remain limited to evidence-linked methods, records, safeguards, and public-safe outputs unless otherwise lawfully recorded and within mission.

8.10.4(e) Infrastructure providers, cloud providers, AI model providers, host institutions, public authorities, National Companies, Project SPVs, providers, and sponsors shall remain responsible for their own systems, controls, operations, security obligations, service delivery, compliance, contracts, incidents, and liabilities.

8.10.4(f) Verifiable Compute shall not create operational control merely because GCRI Canada designs methods, reviews logs, uses secure compute, maintains public-good software, contributes to technical baselines, reviews outputs, or records compute evidence.

8.10.4(g) Where Verifiable Compute is at risk of being perceived as cloud operation, infrastructure operation, public authority operation, licensed market infrastructure, procurement platform, commercial deployment platform, or execution platform, GCRI Canada shall narrow, relabel, restructure, hand off, restrict, or refuse the activity.

8.10.4(h) The controlling rule shall be that GCRI Canada may make compute evidence-verifiable without becoming the operator of the infrastructure on which compute runs.

***

8.10.5 Verifiable Compute as Sovereignty-Compatible, Privacy-Preserving, Security-Controlled, and Records-Valid.\
8.10.5(a) Verifiable Compute shall be sovereignty-compatible, privacy-preserving, security-controlled, and records-valid.

8.10.5(b) Sovereignty-compatible Verifiable Compute shall respect sovereign data zones, localization requirements, compute-to-data approaches, public authority data controls, Indigenous data considerations, community data safeguards, cross-border transfer restrictions, conflict-of-law risks, jurisdictional restrictions, public-sector restrictions, and lawful data-sharing terms.

8.10.5(c) Privacy-preserving Verifiable Compute shall respect purpose limitation, data minimization, de-identification where appropriate, pseudonymization where appropriate, aggregation, redaction, access controls, retention limits, rights-bearing data controls, re-identification risk, inference risk, metadata exposure, secondary-use limits, and public-safe release controls.

8.10.5(d) Security-controlled Verifiable Compute shall respect identity and access management, least privilege, credential management, secrets management, encryption where appropriate, secure repositories, secure collaboration, logging, monitoring, vulnerability management, dependency management, build and release controls, incident response, backup, recovery, and secure decommissioning.

8.10.5(e) Records-valid Verifiable Compute shall preserve compute purpose, inputs, outputs, data lineage, method version, model version, tool version, environment identity where material, reviewer, access logs, output version logs, public-safe notes, limitations, dependency links, and correction path.

8.10.5(f) Verifiable Compute involving personal information, rights-bearing data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or local knowledge, protected knowledge, finance-sensitive data, commercially sensitive data, source-protected information, or controlled technology shall be subject to heightened review and access controls.

8.10.5(g) Where compute cannot be made sovereignty-compatible, privacy-preserving, security-controlled, and records-valid at a level proportionate to the data, evidence, system, and output risk, GCRI Canada shall not proceed unless the activity is narrowed, redesigned, restricted, or approved through a records-valid risk decision by competent authority.

8.10.5(h) The controlling rule shall be that compute cannot be public-good compute unless it respects sovereignty, privacy, security, records, and correction.

***

8.10.6 Verifiable Compute as Applicable to AI, Simulations, Digital Twins, Geospatial Analysis, Sensor Fusion, Cyber Analysis, Benchmarking, Evidence Packs, and Public-Safe Outputs.\
8.10.6(a) Verifiable Compute may apply to AI, simulations, digital twins, geospatial analysis, sensor fusion, cyber analysis, benchmarking, Evidence Packs, Decision Packs, public-safe outputs, dashboards, maps, APIs, datasets, technical baselines, public-good software, and other evidence-supporting computational activities.

8.10.6(b) AI-related Verifiable Compute may include model evaluation, retrieval, summarization, classification, source comparison, confidence scoring, uncertainty explanation, entity resolution, anomaly detection, contradiction detection, public-safe drafting, translation support, routing support, correction support, inference logging, benchmark evaluation, and human review workflows.

8.10.6(c) Simulation and digital twin Verifiable Compute may include scenario definition, input registration, assumption logging, model versioning, calibration records, validation records, sensitivity analysis, uncertainty propagation, output limitation statements, public-safe classification, and correction records.

8.10.6(d) Geospatial Verifiable Compute may include geospatial source registration, resolution treatment, safe-location treatment, aggregation, masking, remote sensing analysis, Earth observation processing, satellite data processing, map-layer versioning, projection treatment, sensitive-site protection, community-identifiability review, infrastructure-sensitive review, and public-safe map output review.

8.10.6(e) Sensor fusion Verifiable Compute may include sensor identity, reference sensor status, calibration, timestamp synchronization, location integrity, AI-RAN signal treatment, O-RAN signal treatment, private wireless signal treatment, DePIN telemetry treatment, cyber telemetry treatment, signal confidence, spoof-risk review, degraded-mode treatment, and correction routing.

8.10.6(f) Cyber analysis Verifiable Compute may include log analysis, anomaly detection, vulnerability-context review, incident-evidence treatment, malware or exploit-sensitive handling, secure repository review, dependency review, SBOM-related review where applicable, access log review, and public-safe cybersecurity summary controls.

8.10.6(g) Benchmarking Verifiable Compute may include benchmark method records, test conditions, dataset dependencies, model dependencies, hardware conditions, software conditions, environmental conditions, provider role where any, sponsor role where any, reproducibility status, limitations, prohibited claims, provider-neutrality status, sponsor non-control status, and correction path.

8.10.6(h) Evidence Pack and public-safe output Verifiable Compute may include evidence dependency tracking, automated or assisted assembly, redaction, aggregation, limitation insertion, boundary-language insertion, public-safe review, output versioning, publication logs, and correction workflows.

8.10.6(i) The controlling rule shall be that Verifiable Compute may apply across technical domains only where the compute record preserves evidence meaning, limitations, safeguards, and non-execution boundaries.

***

8.10.7 Verifiable Compute as Subject to Legal, Privacy, Cybersecurity, Export-Control, Sanctions, Public Authority, and Protected Knowledge Review.\
8.10.7(a) Verifiable Compute shall be subject to legal, privacy, cybersecurity, AI, data, sovereign data, export-control, sanctions, public authority, safeguards, Indigenous and protected knowledge, controlled technology, finance-boundary, provider-neutrality, sponsor non-control, and public-safe review where risk requires.

8.10.7(b) Legal review shall apply where compute may implicate contracts, licenses, confidentiality, IP, public authority restrictions, regulated activity, professional advice, public-law sensitivity, data-sharing limits, liability allocation, cross-border restrictions, export control, sanctions, controlled technology, procurement sensitivity, finance sensitivity, or legal privilege.

8.10.7(c) Privacy review shall apply where compute uses or may reveal personal information, rights-bearing data, inferred attributes, location data, health-sensitive data, small-group identifiable data, behavioral data, metadata, re-identification risk, profiling risk, or unsafe secondary-use risk.

8.10.7(d) Cybersecurity review shall apply where compute uses sensitive repositories, cloud environments, APIs, models, credentials, secrets, logs, system telemetry, cyber evidence, vulnerability information, exploit-sensitive information, infrastructure-sensitive information, code, build pipelines, or third-party dependencies.

8.10.7(e) Export-control and sanctions review shall apply where compute may involve controlled technology, dual-use systems, restricted jurisdictions, restricted parties, controlled datasets, advanced computing, AI models, encryption, cybersecurity tools, satellite data, geospatial data, telecommunications systems, semiconductors, quantum-relevant systems, or other regulated technology domains.

8.10.7(f) Public authority review shall apply where compute uses public authority data, public-sector systems, public authority rooms, emergency-management context, public finance context, procurement context, regulator-listening context, official data restrictions, agency references, or public-sector outputs.

8.10.7(g) Protected knowledge and safeguards review shall apply where compute uses community-protected data, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, sensitive site information, protected persons information, confidential community inputs, or knowledge shared under trust conditions.

8.10.7(h) Finance-boundary, provider-neutrality, and sponsor non-control review shall apply where compute outputs may be used in finance-facing materials, provider comparisons, sponsor reports, capital-reader rooms, public authority rooms, validation sprints, benchmarks, National Company interfaces, Project SPV interfaces, procurement-adjacent settings, or public claims.

8.10.7(i) Where review identifies unacceptable or unmitigated risk, GCRI Canada shall hold, narrow, restrict, redesign, reclassify, secure, anonymize, aggregate, redact, transfer to controlled room, refuse, suspend, withdraw, or correct the compute activity or output.

8.10.7(j) The controlling rule shall be that Verifiable Compute is not valid merely because it is technically logged; it must also be lawful, safe, safeguarded, boundary-controlled, and public-benefit compatible.

***

8.10.8 Verifiable Compute as Supporting Audit Trails, Reproducibility Where Appropriate, and Correction.\
8.10.8(a) Verifiable Compute shall support audit trails, reproducibility where appropriate, and correction.

8.10.8(b) Audit trails shall identify, where material, compute purpose, evidence question, data inputs, source records, data lineage, method version, model version, tool version, system or environment identity, runtime context where appropriate and safe, actor, reviewer, access events, output version, limitations, public-safe status, dependency links, and correction path.

8.10.8(c) Reproducibility may be required where appropriate for scientific integrity, technical review, benchmark review, model evaluation, public-good software testing, technical baseline support, public-safe publication, GRF input, GRA input, Protocol Authority support, public authority learning, or high-consequence outputs.

8.10.8(d) Reproducibility shall be bounded by privacy, cybersecurity, sovereign data, protected knowledge, public authority restrictions, confidentiality, legal restrictions, controlled technology, export-control, sanctions, IP, source protection, and public-safe limits. Where full reproducibility is unsafe or unlawful, GCRI Canada may preserve controlled reproducibility, partial reproducibility, method reproducibility, summary reproducibility, hash-linked reproducibility, or reviewer reproducibility.

8.10.8(e) Correction shall apply where compute inputs, source records, data lineage, methods, models, tool versions, environment state, logs, assumptions, outputs, public-safe status, boundary language, or downstream dependencies are inaccurate, incomplete, stale, misclassified, corrupted, unsafe, unauthorized, overclaimed, or no longer fit for purpose.

8.10.8(f) Where compute is re-run, replicated, corrected, superseded, withdrawn, or archived, GCRI Canada shall record the relationship between prior compute and later compute, including changes to inputs, methods, models, environments, outputs, confidence, uncertainty, limitations, public-safe status, and dependencies.

8.10.8(g) Audit trails and reproducibility records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.10.8(h) The controlling rule shall be that Verifiable Compute must make computation inspectable and correctable, but never convert computability into authority.

***

8.10.9 Verifiable Compute as Non-Rating, Non-Certifying, Non-Guaranteeing, and Non-Financial.\
8.10.9(a) Verifiable Compute shall be non-rating, non-certifying, non-guaranteeing, non-financial, non-procurement, non-public-authority, non-recognition, non-protocol-effect, non-provider-endorsement, non-sponsor-approval, non-public-warning, non-emergency-command, and non-executing by default.

8.10.9(b) No Verifiable Compute record, compute log, reproducibility record, benchmark output, model evaluation, system card, dataset card, model card, benchmark card, inference record, source comparison output, confidence score, public-safe output, dashboard, map, API, technical baseline, public-good software artifact, proof receipt, cryptographic record, or audit trail shall create rating, certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.10.9(c) Verifiable Compute shall not be marketed as a credit rating, investment rating, insurance rating, resilience rating, technology rating, provider rating, security certification, safety certification, compliance certification, public authority approval, procurement approval, finance-readiness determination, bankability determination, fundability determination, guarantee, underwriting approval, lending approval, public finance approval, or operational clearance.

8.10.9(d) Sponsor support, provider participation, host support, public authority attendance, capital-reader interest, public dashboard visibility, public-good software release, technical baseline publication, benchmark result, reproducibility claim, cryptographic attestation, or audit summary shall not convert Verifiable Compute into a rating, certification, guarantee, finance act, public authority act, procurement act, protocol act, or execution act.

8.10.9(e) Where a third party uses Verifiable Compute records or outputs to imply rating, certification, guarantee, finance-readiness, public authority approval, procurement preference, provider endorsement, sponsor approval, protocol effect, or execution readiness, GCRI Canada shall require correction, removal, withdrawal, retraction, public-safe clarification, controlled notice, interface suspension, contract remedy, or legal action where appropriate.

8.10.9(f) Verifiable Compute may support technical evidence understanding by competent actors, but any rating, certification, financial consequence, public authority consequence, procurement consequence, recognition consequence, protocol consequence, or execution consequence shall arise only through the competent actor’s own lawful process and record.

8.10.9(g) GCRI Canada shall not sell, license, package, or represent Verifiable Compute as a commercial rating, regulated financial product, certification product, procurement qualification, provider approval, public authority approval, guarantee, or execution clearance.

8.10.9(h) The controlling rule shall be that Verifiable Compute proves only what its records permit it to prove; it does not prove approval, value, safety, finance-readiness, legality, endorsement, or execution readiness.

***

8.10.10 Verifiable Compute Records as Constitutional Technical Records.\
8.10.10(a) Verifiable Compute records shall be treated as constitutional technical records within GCRI Canada’s evidence, methods, observability, ontology, technical truth, public-safe publication, and correction architecture.

8.10.10(b) Verifiable Compute records may include compute purpose records, data input records, source records, data lineage records, method records, model records, tool records, environment records, permission records, access records, runtime records where material and safe, prompt records where applicable, query records where applicable, retrieval records where applicable, inference records, output records, reviewer records, confidence records, uncertainty records, limitation records, public-safe records, benchmark records, system cards, model cards, dataset cards, correction records, supersession records, withdrawal records, retraction records, reclassification records, dependency records, and archive records.

8.10.10(c) Verifiable Compute records shall identify, where material, the compute activity, evidence question, purpose, scope, actor, owner, custodian, steward, system used, environment used, model used, data used, method used, tool used, version, date, access class, handling class, lawful basis where applicable, permissions, public-safe status, controlled-room status where applicable, confidence effect, uncertainty effect, limitations, permitted use, prohibited use, boundary language, downstream dependencies, correction path, supersession path, withdrawal path, retirement path, and archive path.

8.10.10(d) Verifiable Compute records shall be linked, where applicable, to the Evidence Register, Method Register, Dataset Register, Model Register, Observability Register, Ontology and Controlled Vocabulary Register, Evidence Pack Register, Decision Pack Register, Publication and Public-Safe Output Register, Correction Register, Dependency Register, Output Class Register, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, Nexus interface records, and public claims records.

8.10.10(e) Verifiable Compute records shall be retained according to applicable retention, privacy, cybersecurity, sovereign data, public authority, protected knowledge, legal, archival, and public-benefit requirements, and shall not be silently deleted, overwritten, or obscured except where legally required or necessary to protect persons, communities, public authorities, privacy, cybersecurity, protected knowledge, lawful confidentiality, privilege, or safety.

8.10.10(f) Where Verifiable Compute records are corrected, challenged, reclassified, restricted, downgraded, suspended, reinstated, superseded, withdrawn, retracted, retired, or archived, affected downstream records and outputs shall be reviewed.

8.10.10(g) Verifiable Compute records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.10.10(h) The controlling rule shall be that Verifiable Compute records are constitutional technical records because evidence-based intelligence cannot remain trustworthy unless the computation that shaped it is authorized, logged, scoped, secured, auditable, public-safe, and correctionable.

### 8.11 Compute Workload Records

8.11.1 Compute Workload Record Requirement for Material Compute Supporting GCRI Canada Outputs.\
8.11.1(a) GCRI Canada shall maintain, or cause to be maintained, a Compute Workload Record for material compute supporting GCRI Canada outputs, including compute used for Nexus Truth Engine outputs, Nexus Observatory outputs, Evidence Packs, Decision Packs, dashboards, maps, APIs, datasets, public-safe reports, controlled annexes, technical baselines, public-good software, model evaluations, benchmark cards, system cards, digital twin outputs, simulations, geospatial analysis, sensor fusion, cyber analysis, AI-assisted retrieval, AI-assisted classification, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority support, Rails handoffs, Academy materials, and correction workflows.

8.11.1(b) A Compute Workload Record shall be required where compute materially affects evidence meaning, source comparison, confidence, uncertainty, limitation statements, public-safe classification, dashboard or map presentation, output versioning, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, Nexus interface meaning, public claims, or downstream dependency.

8.11.1(c) Compute shall not be treated as institutionally valid merely because it was performed, automated, logged by a tool, executed in a trusted environment, cryptographically signed, repeated, reproducible, efficient, publicly visible, sponsor-supported, provider-enabled, cloud-hosted, AI-assisted, or technically sophisticated.

8.11.1(d) The Compute Workload Record shall make material compute traceable to its purpose, authority, data inputs, permissions, methods, models, code, environment, provider, jurisdiction, configuration, runtime context where material, human review, technical review, privacy review, cybersecurity review, public-safe status, output identity, limitations, dependencies, retention, correction path, and archive path.

8.11.1(e) GCRI Canada shall determine, through policy or records-valid practice, the threshold at which compute is material for purposes of this section, having regard to output class, data sensitivity, model use, AI use, public-safe status, public authority relevance, finance relevance, provider relevance, sponsor relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, public claims risk, and downstream reliance.

8.11.1(f) Where compute is exploratory, experimental, instructional, sandboxed, or incidental, GCRI Canada may apply lighter records proportionate to risk, provided that such compute is not later used for material outputs unless converted into a Compute Workload Record or otherwise made records-valid.

8.11.1(g) No Compute Workload Record shall create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.11.1(h) The controlling rule shall be that material compute supporting GCRI Canada outputs must be recorded because unrecorded compute cannot safely support evidence, confidence, uncertainty, public-safe publication, correction, or trust.

***

8.11.2 Workload Identity, Owner, Custodian, Purpose, Scope, Authority, and Classification.\
8.11.2(a) Each material Compute Workload Record shall identify the workload title or identifier, workload class, workload type, output relationship, owner, custodian, steward, requesting actor, approving actor where applicable, operator where applicable, reviewer where applicable, date created, date run, date reviewed, version, status, and archive path.

8.11.2(b) The workload purpose shall identify the evidence question, technical question, research question, public-safe output purpose, dashboard purpose, map purpose, model-evaluation purpose, benchmark purpose, observability purpose, Truth Engine purpose, GRF input purpose, GRA input purpose, Protocol Authority support purpose, public authority learning purpose, Rails handoff purpose, Academy purpose, or correction purpose for which the compute is performed.

8.11.2(c) The workload scope shall identify permitted inputs, prohibited inputs, permitted processing, prohibited processing, permitted outputs, prohibited outputs, intended audience, excluded audience, intended use, prohibited use, public-safe status, controlled-room status where applicable, geographic scope, temporal scope, technology-domain scope, risk-domain scope, jurisdictional scope, and downstream dependency scope.

8.11.2(d) The workload authority shall identify the legal, institutional, contractual, permission, data-sharing, public authority, community, Indigenous or protected knowledge, repository, API, model-use, compute-environment, or other authority under which the workload is permitted, where applicable.

8.11.2(e) The workload classification shall identify data class, evidence class, access class, handling class, public-safe status, finance-safe status where material, public authority-facing status where material, provider-facing status where material, sponsor-facing status where material, host-facing status where material, community-facing status where material, protected knowledge status, AI-use status, export-control status, sanctions status, controlled-technology status, and retention status.

8.11.2(f) Workload status shall distinguish proposed, approved, active, paused, held, experimental, sandbox, controlled, public-safe, released, corrected, superseded, withdrawn, retracted, restricted, downgraded, suspended, reinstated, retired, archived, and prohibited workloads.

8.11.2(g) Where workload identity, authority, scope, or classification is incomplete, ambiguous, disputed, stale, unsafe, or inconsistent with GCRI Canada’s mandate, the workload shall be held, narrowed, reclassified, corrected, restricted, escalated, or refused until made records-valid.

8.11.2(h) The controlling rule shall be that a compute workload must know what it is, who stewards it, why it exists, what authority permits it, what it may do, what it must not do, and how it is classified before it can support institutional outputs.

***

8.11.3 Data Inputs, Data Sources, Permissions, Lawful Basis, Handling Class, and Use Limits.\
8.11.3(a) Each material Compute Workload Record shall identify data inputs, data sources, source records, data lineage, dataset identifiers, data owners where known, custodians, stewards, contributors, source lineage, provenance, custody, version, date range, geography or safe location treatment, collection method, data class, evidence class, handling class, access class, and public-safe status.

8.11.3(b) The record shall identify permissions, lawful basis or authority to use where applicable, licenses, data-sharing terms, consent or non-consent treatment where applicable, public authority restrictions, community restrictions, Indigenous or protected knowledge restrictions, confidentiality restrictions, IP restrictions, AI-use restrictions, training-use restrictions, embedding-use restrictions, retrieval-use restrictions, transfer restrictions, publication restrictions, retention restrictions, and derivative-use limits.

8.11.3(c) Data inputs may include raw data, processed data, derived data, reference datasets, training-restricted datasets, evaluation datasets, benchmark datasets, public-safe datasets, controlled datasets, restricted datasets, public authority datasets, health-sensitive datasets, cyber-sensitive datasets, infrastructure-sensitive datasets, finance-sensitive datasets, commercially sensitive datasets, personal information datasets, rights-bearing datasets, community-protected datasets, Indigenous or local knowledge datasets, protected knowledge datasets, controlled-technology datasets, and source-protected datasets.

8.11.3(d) The record shall identify whether data are used for analysis, retrieval, embedding, training, fine-tuning, evaluation, benchmarking, simulation, digital twin input, geospatial processing, sensor fusion, cyber analysis, dashboard generation, map generation, public-safe summarization, Evidence Pack assembly, Decision Pack assembly, API output, technical publication, or correction.

8.11.3(e) Data handling shall preserve purpose limitation, minimization, access controls, least privilege, segregation where appropriate, encryption where appropriate, de-identification where appropriate, aggregation where appropriate, redaction where appropriate, safe-location treatment where appropriate, and public-safe release controls.

8.11.3(f) Where a workload uses personal information, rights-bearing data, location data, health-sensitive data, public authority data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous knowledge, protected knowledge, confidential source information, controlled technology, export-controlled material, sanctions-sensitive material, or commercially sensitive material, the workload shall be subject to heightened review and shall not proceed without records-valid authority and safeguards.

8.11.3(g) Where data inputs lack permission, lawful basis, source lineage, custody, classification, handling status, or use authority, the workload shall not proceed or shall be narrowed to exclude the affected data unless competent authority records a lawful and safeguarded basis.

8.11.3(h) The controlling rule shall be that compute cannot be verifiable where the data entering the workload are not identified, permissioned, classified, limited, and correctable.

***

8.11.4 Model / Code Identity, Version, Dependencies, Environment, Runtime, Configuration, and Execution Context.\
8.11.4(a) Each material Compute Workload Record shall identify, where applicable, model identity, code identity, script identity, repository identity, tool identity, package identity, workflow identity, pipeline identity, system identity, API identity, container identity, build identity, dependency identity, and configuration identity used in the workload.

8.11.4(b) Model identity shall identify model title or identifier, model type, provider where any, developer where any, custodian, steward, version, checkpoint where applicable, training status, fine-tuning status, embedding status, retrieval status, inference status, deployment status, model card where any, system card where any, benchmark card where any, permitted use, prohibited use, and correction path.

8.11.4(c) Code identity shall identify repository, branch, commit, release, script, notebook, package, dependency set, container image, build artifact, hash where appropriate, software bill of materials where appropriate, license status, security status, review status, and correction path.

8.11.4(d) Environment identity shall identify compute environment, workspace, sandbox, secure research environment, clean room, data room, controlled room, cloud environment, on-premises environment, sovereign environment, trusted execution environment, secure enclave, air-gapped environment, local workstation, public-good software environment, or other relevant environment.

8.11.4(e) Runtime and configuration records shall identify runtime date, runtime window where material, compute resource class, hardware class where material, software version, operating system or base image where material, environment variables where safe and material, configuration parameters, thresholds, random seeds where material, model parameters where material, prompt or query configuration where material, API version, access permissions, network status, and logging status.

8.11.4(f) Dependencies shall include data dependencies, model dependencies, code dependencies, package dependencies, API dependencies, cloud dependencies, provider dependencies, sponsor-supplied tool dependencies, host dependencies, public authority system dependencies, external service dependencies, and human-review dependencies where material.

8.11.4(g) Where model, code, dependency, environment, runtime, or configuration identity cannot be established at a level proportionate to risk, the workload shall be held, qualified, restricted, rerun, corrected, downgraded, or excluded from material outputs.

8.11.4(h) The controlling rule shall be that compute outputs cannot be evidence-supporting unless the model, code, dependency, environment, runtime, and configuration that shaped them are identifiable and reviewable.

***

8.11.5 Compute Location, Jurisdiction, Provider, Infrastructure Type, Secure Enclave Status, Air-Gap Status, and Sovereign Data Zone Status.\
8.11.5(a) Each material Compute Workload Record shall identify compute location, jurisdiction, provider, infrastructure type, secure enclave status, air-gap status, sovereign data zone status, hosting context, cloud context, on-premises context, edge context, public authority system context, university or laboratory context, host context, provider context, sponsor context, and cross-border transfer status where material.

8.11.5(b) Compute location shall identify, where applicable and safe, country, province, territory, state, region, facility class, data centre class, cloud region, edge location, controlled room, clean room, secure research environment, or sovereign data zone.

8.11.5(c) Jurisdictional treatment shall identify applicable legal constraints, public authority restrictions, data localization obligations, cross-border transfer implications, conflict-of-law risks, Indigenous data considerations, community data restrictions, sovereign data obligations, export-control restrictions, sanctions restrictions, controlled-technology restrictions, and public-sector data requirements.

8.11.5(d) Provider and infrastructure treatment shall identify cloud provider, compute provider, model provider, platform provider, repository provider, host provider, university provider, laboratory provider, public authority provider, National Company provider, Project SPV provider, or other infrastructure actor where material, and shall record that such provision does not create provider endorsement, sponsor control, public authority delegation, finance-readiness, procurement advantage, or execution authority by GCRI Canada.

8.11.5(e) Secure enclave status shall identify whether the workload uses a trusted execution environment, confidential computing environment, secure enclave, hardware security module, controlled clean room, secure sandbox, or equivalent protected environment, together with limitations, attestation status where any, access controls, logging, and correction path.

8.11.5(f) Air-gap status shall identify whether the workload is air-gapped, partially air-gapped, network-restricted, export-restricted, offline, controlled-transfer, or connected, and shall record transfer controls, import controls, export controls, media controls, and audit controls where material.

8.11.5(g) Sovereign data zone status shall identify whether the workload is located within or constrained by a sovereign data zone, public authority data zone, Indigenous or community data control zone, regulated data environment, national data infrastructure, or other jurisdictionally controlled environment.

8.11.5(h) Where compute location, jurisdiction, provider, infrastructure type, secure enclave status, air-gap status, or sovereign data zone status is incompatible with data handling, public authority restrictions, privacy, cybersecurity, protected knowledge, export-control, sanctions, or public-safe requirements, the workload shall be held, moved, narrowed, secured, restricted, or refused.

8.11.5(i) The controlling rule shall be that where compute occurs matters because evidence integrity depends on jurisdiction, infrastructure, custody, sovereignty, security, and lawful control.

***

8.11.6 Output Identity, Classification, Confidence, Limitations, Public-Safe Status, and Correction Path.\
8.11.6(a) Each material Compute Workload Record shall identify output title or identifier, output class, output form, output owner, output custodian, output steward, output version, output date, output status, source records, method records, data dependencies, model dependencies, code dependencies, environment dependencies, public-safe status, access class, handling class, and archive path.

8.11.6(b) Output classification shall identify evidence class, data class, technology domain, risk domain, public-safe status, finance-safe status where material, public authority-facing status where material, GRF-facing status where material, GRA-facing status where material, Protocol Authority-facing status where material, provider-facing status where material, sponsor-facing status where material, host-facing status where material, community-facing status where material, protected knowledge status, AI-output status, and controlled-room status where applicable.

8.11.6(c) The record shall identify confidence treatment, uncertainty treatment, limitation statements, assumptions, proxies, gaps, inference chains, model limitations, data limitations, method limitations, public-safe limitations, geospatial limitations, dashboard limitations, map limitations, API limitations, public authority limitations, finance-boundary limitations, provider-neutrality limitations, sponsor non-control limitations, and downstream-use limitations.

8.11.6(d) The record shall identify permitted use, prohibited use, intended audience, prohibited audience, public-safe boundary language, finance boundary language where material, public authority boundary language where material, provider-neutrality language where material, sponsor non-control language where material, recognition boundary language where material, protocol-effect boundary language where material, no-warning language where material, no-emergency-command language where material, and no-execution language where material.

8.11.6(e) The record shall identify correction path, challenge path, confidence change path, uncertainty change path, reclassification path, restriction path, downgrade path, suspension path, reinstatement path, supersession path, withdrawal path, retraction path where applicable, retirement path, archive path, notice path, and dependency review path.

8.11.6(f) Output identity and classification shall be updated where outputs are corrected, re-run, revised, reclassified, restricted, superseded, withdrawn, retracted, downgraded, suspended, reinstated, retired, archived, or republished.

8.11.6(g) No compute output, regardless of classification or confidence, shall create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.11.6(h) The controlling rule shall be that compute output must carry its identity, class, confidence, uncertainty, limits, audience, boundary, and correction path before it can safely travel.

***

8.11.7 Human Review, Technical Review, Privacy Review, Cyber Review, Public Authority Review, Safeguards Review, and Boundary Review Where Applicable.\
8.11.7(a) Each material Compute Workload Record shall identify human review, technical review, privacy review, cybersecurity review, public authority review, safeguards review, Indigenous or protected knowledge review, AI review, data review, sovereign data review, export-control review, sanctions review, finance-boundary review, provider-neutrality review, sponsor non-control review, competition review, legal review, and other boundary review where applicable.

8.11.7(b) Human review shall be required where compute outputs materially affect evidence meaning, confidence, uncertainty, public-safe classification, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, protected knowledge treatment, community safeguard treatment, dashboard meaning, map meaning, technical baseline status, correction status, or public claims.

8.11.7(c) Technical review shall assess whether the workload used appropriate data, method, model, code, dependencies, environment, configuration, runtime, logging, output validation, reproducibility where appropriate, and correction controls.

8.11.7(d) Privacy review shall assess lawful basis, purpose limitation, minimization, access controls, de-identification where any, re-identification risk, inference risk, secondary-use risk, retention, publication, transfer, and rights-bearing data treatment.

8.11.7(e) Cybersecurity review shall assess identity and access, least privilege, repository security, cloud security, controlled-room security, secrets, credentials, build pipeline, dependency risk, vulnerability exposure, logging, anomaly detection, incident handling, backup, recovery, and secure decommissioning.

8.11.7(f) Public authority review shall assess public authority data status, public authority capacity classification, official or non-official source status, public authority restrictions, agency reference controls, non-delegation language, non-endorsement language, non-warning language, non-procurement language, non-funding language, non-public-finance language, and correction path.

8.11.7(g) Safeguards review shall assess community context, Indigenous or local knowledge context, protected knowledge treatment, cultural protocol, community protocol, protected participation, source protection, retaliation risk, vulnerable community exposure, public-safe mapping, accessibility, and do-no-harm controls.

8.11.7(h) Boundary review shall assess whether compute or outputs could be misread as certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence.

8.11.7(i) Where review identifies unresolved risk, the workload shall be held, narrowed, reclassified, restricted, corrected, rerun, redesigned, escalated, suspended, withdrawn, or refused as appropriate.

8.11.7(j) The controlling rule shall be that compute review is not a formality; it is the safeguard that prevents technical processing from becoming unsafe evidence, overclaim, or execution drift.

***

8.11.8 Logging, Signing, Hashing, Tamper-Evidence, and Reproducibility Notes Where Appropriate.\
8.11.8(a) Each material Compute Workload Record shall identify logging, signing, hashing, tamper-evidence, attestation, reproducibility, and verification notes where appropriate to the workload’s risk, output class, data sensitivity, model use, public-safe status, and downstream dependency.

8.11.8(b) Logging may include source logs, data lineage logs, method logs, model logs, code logs, prompt logs where applicable, query logs where applicable, retrieval logs where applicable, runtime logs, environment logs, configuration logs, access logs, output logs, reviewer logs, confidence change logs, uncertainty change logs, correction logs, and dependency logs.

8.11.8(c) Signing may be used to identify authorized actors, systems, releases, output versions, source records, model records, method records, benchmark records, technical baselines, public-good software artifacts, public-safe outputs, or correction records, provided that signing does not imply certification, public authority approval, finance-readiness, provider endorsement, sponsor approval, protocol effect, or execution clearance by default.

8.11.8(d) Hashing may be used to identify file integrity, dataset identity, model identity, code identity, output identity, version identity, archive identity, or dependency identity, provided that hashing shall not be treated as proof that the underlying content is true, complete, lawful, public-safe, authorized, or fit for purpose.

8.11.8(e) Tamper-evidence may be used to detect alteration, manipulation, substitution, replay, unauthorized modification, or chain-of-custody defect, provided that tamper-evidence shall not be treated as proof of substantive validity beyond the recorded evidence.

8.11.8(f) Reproducibility notes shall identify whether the workload is fully reproducible, partially reproducible, method-reproducible, reviewer-reproducible, controlled-room reproducible, non-reproducible for lawful or safety reasons, or not appropriate for reproducibility due to privacy, cybersecurity, protected knowledge, public authority restrictions, sovereign data, IP, source protection, controlled technology, export-control, sanctions, or public-safe limits.

8.11.8(g) Where signing, hashing, tamper-evidence, or reproducibility records reveal inconsistency, corruption, unauthorized modification, missing dependency, environment drift, model drift, data drift, output mismatch, or unreviewed change, affected records and outputs shall be reviewed and routed for correction, restriction, downgrade, supersession, withdrawal, retraction, incident handling, or archive as appropriate.

8.11.8(h) The controlling rule shall be that technical verification artifacts strengthen auditability, but they do not transform compute outputs into authoritative approvals, ratings, guarantees, public decisions, or execution consequences.

***

8.11.9 Retention, Deletion, Sealing, Archival, and Legal Hold.\
8.11.9(a) Each material Compute Workload Record shall identify retention, deletion, sealing, archival, and legal hold treatment for the workload, data inputs, intermediate outputs, final outputs, logs, prompts where applicable, queries, retrieval records, inference records, model records, code records, environment records, reviewer records, access records, correction records, and dependency records.

8.11.9(b) Retention shall be proportionate to evidence integrity, correctionability, legal obligations, privacy obligations, cybersecurity obligations, public authority restrictions, sovereign data obligations, protected knowledge obligations, community safeguards, IP obligations, contractual obligations, audit needs, archival value, public-benefit purpose, and downstream dependency.

8.11.9(c) Deletion shall be used where data, logs, intermediate outputs, temporary files, prompts, retrieval artifacts, model inputs, embeddings, cached materials, or outputs no longer have lawful, necessary, proportionate, safe, or mission-compatible basis for retention, subject to legal hold, archival requirements, evidence integrity, and correctionability obligations.

8.11.9(d) Sealing shall be used where records must be preserved but access must be restricted due to privacy, cybersecurity, public authority restriction, sovereign data, protected knowledge, community safety, source protection, legal sensitivity, privilege, commercial sensitivity, finance sensitivity, controlled technology, export-control, sanctions, investigation, dispute, or public-safe risk.

8.11.9(e) Archival shall preserve identity, version history, review history, correction history, status history, dependency links, access restrictions, retention basis, public-safe status, withdrawal or retraction status, and future retrieval limits.

8.11.9(f) Legal hold shall apply where litigation, investigation, public authority process, contractual dispute, governance review, audit review, incident review, privacy request, cybersecurity incident, protected knowledge concern, public authority concern, finance-boundary concern, public claim dispute, or other legal or institutional requirement requires preservation.

8.11.9(g) Retention, deletion, sealing, archival, and legal hold shall not be used to conceal error, suppress correction, avoid accountability, protect sponsor comfort, protect provider comfort, protect public authority comfort, preserve finance-facing usefulness, avoid public-safe correction, or erase institutional memory.

8.11.9(h) Where records are deleted, sealed, archived, or placed under legal hold, affected dependency records shall be updated and permitted future use shall be clarified.

8.11.9(i) The controlling rule shall be that compute records must be retained, deleted, sealed, archived, or held according to lawful purpose, safety, correctionability, and institutional memory, not convenience.

***

8.11.10 Compute Workload Register and Review Cycle.\
8.11.10(a) GCRI Canada shall maintain, or cause to be maintained, a Compute Workload Register for material compute workloads supporting GCRI Canada outputs.

8.11.10(b) The Compute Workload Register shall identify workload title or identifier, workload class, workload type, owner, custodian, steward, purpose, scope, authority, classification, data inputs, source records, method records, model records, code records, environment records, provider where any, infrastructure type, jurisdiction, secure enclave status, air-gap status, sovereign data zone status, output records, confidence status, uncertainty status, limitation status, public-safe status, access class, handling class, reviewer records, approval records where applicable, logging status, signing status, hashing status, tamper-evidence status, reproducibility status, retention status, correction path, supersession path, withdrawal path, retirement path, archive path, and dependency links.

8.11.10(c) The Compute Workload Register shall distinguish proposed workloads, approved workloads, active workloads, paused workloads, held workloads, experimental workloads, sandbox workloads, controlled workloads, public-safe workloads, released workloads, corrected workloads, superseded workloads, withdrawn workloads, retracted workloads, restricted workloads, downgraded workloads, suspended workloads, reinstated workloads, retired workloads, archived workloads, and prohibited workloads.

8.11.10(d) GCRI Canada shall establish a review cycle for material compute workloads proportionate to risk, including review on schedule, review on material change, review on new data input, review on new model version, review on new code version, review on new dependency, review on jurisdictional change, review on public-safe status change, review on access change, review on output change, review on dispute, review on correction, review on incident, and review on downstream dependency change.

8.11.10(e) Workload review may include evidence review, method review, data review, model review, code review, environment review, privacy review, cybersecurity review, AI review, sovereign data review, public authority review, safeguards review, protected knowledge review, export-control review, sanctions review, finance-boundary review, provider-neutrality review, sponsor non-control review, legal review, interface review, committee review, officer review, Board reporting, or independent review where appropriate.

8.11.10(f) Where review identifies a workload that is unauthorized, misclassified, insecure, unlogged, unreviewed, unlawful, privacy-defective, cyber-defective, sovereign-data-defective, public authority-defective, protected-knowledge-defective, finance-boundary-defective, provider-neutrality-defective, sponsor-control-defective, overclaimed, stale, or no longer fit for purpose, GCRI Canada shall hold, restrict, correct, rerun, reclassify, downgrade, suspend, supersede, withdraw, retire, archive, or refuse the workload as appropriate.

8.11.10(g) The Compute Workload Register shall be linked, where applicable, to the Evidence Register, Method Register, Dataset Register, Model Register, Observability Register, Ontology and Controlled Vocabulary Register, Evidence Pack Register, Decision Pack Register, Publication and Public-Safe Output Register, Output Class Register, Correction Register, Dependency Register, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, Nexus interface records, and public claims records.

8.11.10(h) The Compute Workload Register shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.11.10(i) The controlling rule shall be that compute workload governance requires a register and review cycle because compute that is not inventoried, reviewed, and corrected cannot be trusted as part of GCRI Canada’s public-good evidence architecture.

### 8.12 Compute Environment Authority and Controls

8.12.1 Approved Compute Environments.\
8.12.1(a) GCRI Canada shall use, approve, or cause to be used only approved compute environments for material Verifiable Compute, Nexus Truth Engine activities, Nexus Observatory activities, public-good software work, open technical baseline work, secure research, evidence analysis, AI-assisted analysis, model evaluation, simulation, digital twin analysis, geospatial analysis, sensor fusion, cyber analysis, benchmarking, Evidence Pack generation, Decision Pack generation, public-safe output generation, dashboard generation, map generation, API output, dataset output, controlled-room output, public authority learning output, GRF input, GRA input, Protocol Authority support, Rails handoff, Academy output, and correction workflow.

8.12.1(b) Approved compute environments shall be environments whose purpose, owner, custodian, steward, infrastructure type, jurisdiction, provider, access controls, security controls, data handling limits, logging status, monitoring status, public-safe status, sovereign data status, privacy status, cybersecurity status, protected knowledge status, public authority status, permitted uses, prohibited uses, review status, exception status, incident path, correction path, and decommissioning path have been recorded.

8.12.1(c) Approved compute environments may include public cloud, private cloud, sovereign cloud, hybrid cloud, university cloud, public authority controlled environments, secure research environments, controlled rooms, clean rooms, data rooms, on-premise environments, high-performance computing environments, edge compute environments, secure enclaves, confidential computing environments, trusted execution environments, air-gapped environments, compute-to-data environments, repository environments, sandbox environments, and local development environments where properly authorized and controlled.

8.12.1(d) Approval shall be proportionate to the environment’s risk, including data class, evidence class, technology domain, output class, AI use, model use, public-safe status, public authority relevance, finance relevance, provider relevance, sponsor relevance, protected knowledge relevance, community relevance, privacy risk, cybersecurity risk, sovereign data risk, export-control risk, sanctions risk, controlled-technology risk, and downstream dependency.

8.12.1(e) No environment shall be treated as approved merely because it is commercially reputable, technically advanced, sponsor-supported, provider-supplied, public authority-used, university-hosted, widely adopted, certified by a third party, cloud-native, AI-enabled, cryptographically secured, or convenient.

8.12.1(f) Approval of a compute environment shall not approve every workload within that environment. Each material workload shall remain subject to workload-specific authority, classification, data handling, review, logging, public-safe status, boundary language, and correction path.

8.12.1(g) Approved compute environments shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.12.1(h) The controlling rule shall be that compute environment approval is a prerequisite for safe Verifiable Compute, not a substitute for workload authority, evidence review, public-safe review, or correctionability.

***

8.12.2 Prohibited or Restricted Compute Environments.\
8.12.2(a) GCRI Canada shall prohibit or restrict compute environments that are unauthorized, unlogged, insecure, unclassified, unreviewed, unmanaged, personal-only, consumer-grade without approval, uncontrolled, jurisdictionally unsuitable, provider-controlled without safeguards, sponsor-controlled without independence, public authority-controlled without proper authority, privacy-defective, cyber-defective, sovereign-data-defective, protected-knowledge-defective, export-control-defective, sanctions-defective, or otherwise inconsistent with GCRI Canada’s public-benefit mandate.

8.12.2(b) Prohibited or restricted compute environments may include personal accounts, unmanaged devices, unsanctioned cloud accounts, unapproved AI platforms, unapproved file-sharing systems, unapproved messaging systems, unapproved code repositories, unreviewed data rooms, unlogged dashboards, unapproved APIs, insecure notebooks, uncontrolled local machines, personal storage, consumer AI tools, unrestricted public paste systems, unapproved offshore environments, unsupported legacy systems, and environments lacking adequate access control, logging, deletion, retention, or correction capacity.

8.12.2(c) Environments shall be prohibited or restricted where they cannot preserve source lineage, data lineage, method records, model records, workload records, access logs, output versioning, public-safe status, privacy controls, cybersecurity controls, sovereign data controls, protected knowledge safeguards, public authority restrictions, finance boundaries, provider neutrality, sponsor non-control, or correction paths at a level proportionate to risk.

8.12.2(d) Environments shall be prohibited or restricted where use would create unacceptable cross-border transfer risk, conflict-of-law risk, public authority restriction breach, protected knowledge exposure, community harm, privacy harm, cyber exposure, infrastructure exposure, uncontrolled AI training risk, uncontrolled embedding risk, uncontrolled retrieval risk, credential exposure, prompt leakage, source exposure, or uncontrolled public release risk.

8.12.2(e) Provider-supplied, sponsor-supplied, host-supplied, public authority-supplied, university-supplied, National Company-supplied, Project SPV-supplied, or third-party environments shall not be used for material GCRI Canada compute unless reviewed for role boundaries, access controls, custody, independence, logging, data rights, IP rights, confidentiality, public-safe status, provider-neutrality, sponsor non-control, public authority boundaries, and correctionability.

8.12.2(f) Where a prohibited or restricted environment has been used, GCRI Canada shall assess affected data, models, records, outputs, logs, permissions, access events, public-safe status, downstream dependencies, privacy risk, cybersecurity risk, sovereign data risk, public authority risk, protected knowledge risk, and correction requirements.

8.12.2(g) Remediation for prohibited or restricted environment use may include access termination, credential rotation, data deletion, environment quarantine, output hold, workload rerun, reclassification, correction, withdrawal, retraction, public-safe notice, controlled notice, incident response, legal review, board reporting, or other appropriate action.

8.12.2(h) The controlling rule shall be that compute conducted in an unsuitable environment cannot become trustworthy merely because the output appears useful.

***

8.12.3 Public Cloud, Private Cloud, Sovereign Cloud, Edge Compute, On-Premise Compute, HPC, Secure Enclave, Confidential Computing, Air-Gapped, and Compute-to-Data Environments.\
8.12.3(a) GCRI Canada may approve public cloud, private cloud, sovereign cloud, edge compute, on-premise compute, high-performance computing, secure enclave, confidential computing, air-gapped, compute-to-data, clean-room, data-room, secure research, university, laboratory, public authority, or host environments where such environments meet applicable authority, security, privacy, sovereignty, public-safe, protected knowledge, and correctionability requirements.

8.12.3(b) Public cloud environments may be used where contractual terms, data location, service configuration, access controls, logging, encryption, key management, provider obligations, subprocessors, AI-use restrictions, training-use restrictions, transfer controls, deletion controls, incident response, and exit readiness are suitable for the workload.

8.12.3(c) Private cloud environments may be used where ownership, custody, configuration, segmentation, administrative access, monitoring, vulnerability management, logging, backup, recovery, and exit readiness are recorded and proportionate to workload risk.

8.12.3(d) Sovereign cloud environments may be used where data residency, localization, public authority requirements, national data controls, Indigenous data considerations, community data safeguards, cross-border transfer limits, conflict-of-law risk, provider access, and operational jurisdiction are compatible with workload classification.

8.12.3(e) Edge compute environments may be used where edge device identity, location, custody, physical security, network security, update controls, logging, synchronization, data minimization, local retention, remote access, incident handling, and safe extraction controls are recorded.

8.12.3(f) On-premise compute environments may be used where facility security, hardware custody, network segmentation, access controls, patching, logging, backups, media handling, physical access, and decommissioning controls are sufficient.

8.12.3(g) High-performance computing environments may be used where queueing, shared resource controls, job isolation, dataset staging, scratch storage, logs, export controls, model and code dependencies, user access, jurisdiction, and data removal procedures are recorded and controlled.

8.12.3(h) Secure enclave, confidential computing, trusted execution, air-gapped, and compute-to-data environments may be used where higher protection is required for sensitive workloads, provided that attestation limits, operational limits, side-channel risks, logging constraints, transfer controls, reviewer access, reproducibility constraints, and correction paths are recorded.

8.12.3(i) The selection of environment type shall be based on workload purpose, data sensitivity, evidence class, model use, public authority restrictions, privacy risk, cybersecurity risk, sovereign data requirements, protected knowledge safeguards, public-safe publication needs, and downstream dependency.

8.12.3(j) The controlling rule shall be that environment type must fit workload risk; no compute environment is inherently safe for all evidence, data, models, outputs, or audiences.

***

8.12.4 Environment Approval, Risk Classification, and Owner / Custodian Assignment.\
8.12.4(a) GCRI Canada shall maintain environment approval, risk classification, and owner or custodian assignment for material compute environments used in Verifiable Compute.

8.12.4(b) Environment approval records shall identify environment name or identifier, environment type, provider, owner, custodian, steward, approving actor, approving body where applicable, purpose, approved workload classes, prohibited workload classes, permitted data classes, prohibited data classes, permitted model classes, prohibited model classes, approved users, approved roles, jurisdiction, data residency status, security status, privacy status, public-safe status, sovereign data status, protected knowledge status, public authority status, finance-facing status where material, provider-facing status where material, sponsor-facing status where material, review date, review cycle, exception status, incident path, correction path, and decommissioning path.

8.12.4(c) Risk classification shall consider data sensitivity, evidence sensitivity, AI use, model use, cyber sensitivity, infrastructure sensitivity, health sensitivity, public authority restrictions, finance sensitivity, commercial sensitivity, personal information, rights-bearing data, sovereign data, community-protected data, Indigenous or protected knowledge, controlled technology, export-control risk, sanctions risk, public-safe release risk, and downstream dependency.

8.12.4(d) Owner assignment shall identify the person or institutional function accountable for environment authorization, purpose alignment, policy compliance, risk classification, review cycle, access approval, exception management, incident routing, and decommissioning.

8.12.4(e) Custodian assignment shall identify the person or function responsible for operating or administering the environment, including technical configuration, access provisioning, logging, monitoring, backup, patching, vulnerability management, key or credential coordination, and secure decommissioning, without creating execution authority beyond the recorded role.

8.12.4(f) Steward assignment shall identify the evidence, data, model, method, observability, public-safe, privacy, cybersecurity, public authority, safeguards, or legal stewardship function responsible for domain-specific review where applicable.

8.12.4(g) Environment approval shall be time-bound or review-bound. Material changes in provider, jurisdiction, configuration, access model, logging, AI functionality, data classes, workload classes, public authority use, finance-facing use, sponsor involvement, provider involvement, security posture, incident history, or legal status shall trigger review.

8.12.4(h) The controlling rule shall be that compute environments must have recorded authority, risk classification, ownership, custody, and review before they may host material GCRI Canada workloads.

***

8.12.5 Identity and Access Management.\
8.12.5(a) GCRI Canada shall maintain identity and access management controls for material compute environments proportionate to environment risk, workload risk, data class, evidence class, model use, output class, public-safe status, public authority relevance, finance relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, and downstream dependency.

8.12.5(b) Identity and access management shall identify users, roles, service accounts, machine identities, API identities, repository identities, administrative accounts, reviewer accounts, external collaborator accounts, provider accounts, public authority accounts, host accounts, sponsor accounts where any, and temporary accounts.

8.12.5(c) Access shall be role-based, purpose-bound, time-bound where appropriate, least-privilege, reviewed, logged, revocable, and linked to institutional capacity, contractual authority where applicable, confidentiality obligations, training where required, conflict status where material, and permitted use.

8.12.5(d) Administrative access shall be restricted, separately authorized, logged, monitored, periodically reviewed, and removed where no longer required. Shared administrative accounts shall be prohibited except where unavoidable and controlled through compensating measures.

8.12.5(e) External participant access shall be limited to the minimum environment, workload, data, model, repository, dashboard, map, API, controlled room, or output needed for the approved purpose, and shall not create governance rights, data rights, publication rights, public authority status, provider preference, sponsor control, finance access, or execution authority beyond record.

8.12.5(f) Access approval shall consider conflicts, sponsor relationship, provider relationship, host relationship, public authority capacity, capital-reader role, community role, protected knowledge authority, data subject rights, legal restrictions, cybersecurity risk, public-safe status, and downstream reliance risk.

8.12.5(g) Access shall be removed or modified upon role change, purpose completion, review failure, incident, conflict, termination, expired authorization, sponsor or provider boundary risk, public authority boundary risk, security concern, privacy concern, protected knowledge concern, or correction requirement.

8.12.5(h) The controlling rule shall be that no person or system shall access material GCRI Canada compute environments except through recorded identity, recorded role, recorded purpose, recorded authority, and revocable controls.

***

8.12.6 Least Privilege, Segmentation, Isolation, Logging, Monitoring, and Security Telemetry.\
8.12.6(a) GCRI Canada shall apply least privilege, segmentation, isolation, logging, monitoring, and security telemetry controls to material compute environments proportionate to risk.

8.12.6(b) Least privilege shall limit each user, service, model, tool, repository, API, workflow, pipeline, and environment component to the minimum data, system, function, permission, and duration necessary for the approved purpose.

8.12.6(c) Segmentation shall separate environments, workloads, datasets, models, repositories, public-safe outputs, controlled-room outputs, public authority materials, finance-facing materials, provider materials, sponsor materials, protected knowledge materials, and experimental work where necessary to prevent unauthorized access, unsafe mixing, uncontrolled inference, improper reuse, or boundary collapse.

8.12.6(d) Isolation shall protect sensitive workloads from unapproved network access, unapproved model access, unapproved data exfiltration, unapproved AI training, unapproved embedding, unapproved retrieval, unapproved API calls, unapproved external dependencies, and unapproved human access.

8.12.6(e) Logging shall capture access events, administrative actions, workload execution, data movement, model use, code changes, configuration changes, output generation, export events, deletion events, exception events, security events, and correction events where material and lawful.

8.12.6(f) Monitoring shall identify unauthorized access, unusual activity, credential misuse, data exfiltration, workload drift, model drift, environment drift, suspicious API activity, repository anomalies, public-safe release anomalies, dashboard anomalies, map anomalies, and controlled-room violations.

8.12.6(g) Security telemetry shall be handled as sensitive evidence where it may expose vulnerabilities, infrastructure details, public authority systems, provider systems, host systems, source identities, attack patterns, credentials, or incident details. Public release of telemetry shall require public-safe review.

8.12.6(h) Where least privilege, segmentation, isolation, logging, monitoring, or telemetry controls are materially deficient, affected environments or workloads shall be held, restricted, remediated, reclassified, suspended, or decommissioned as appropriate.

8.12.6(i) The controlling rule shall be that compute environments cannot preserve evidence integrity unless access, movement, execution, and anomalies are controlled and visible to authorized review.

***

8.12.7 Key Management, Token Management, Secrets Management, and Credential Controls.\
8.12.7(a) GCRI Canada shall maintain key management, token management, secrets management, and credential controls for material compute environments, repositories, APIs, models, dashboards, maps, controlled rooms, clean rooms, data rooms, secure research environments, cloud accounts, edge devices, and public-good software systems.

8.12.7(b) Keys, tokens, secrets, and credentials shall be created, stored, transmitted, rotated, revoked, expired, monitored, and destroyed through secure, access-controlled, logged, and records-valid processes proportionate to risk.

8.12.7(c) Secrets shall not be stored in public repositories, unsecured notebooks, unmanaged devices, personal accounts, plaintext files, public documents, public dashboards, public maps, chat messages, public-safe outputs, unapproved AI prompts, unapproved ticket systems, or uncontrolled collaboration tools.

8.12.7(d) Machine identities, service accounts, API tokens, model-access tokens, cloud keys, repository keys, deployment keys, signing keys, encryption keys, data-room credentials, controlled-room credentials, and public authority system credentials shall be scoped, least-privilege, time-bound where appropriate, segregated, and monitored.

8.12.7(e) Signing keys, hashing keys where applicable, encryption keys, attestation keys, trusted execution keys, backup keys, and recovery keys shall be managed to preserve integrity, confidentiality, availability, non-repudiation where appropriate, and correctionability.

8.12.7(f) Credential access by providers, sponsors, hosts, public authorities, National Companies, Project SPVs, universities, external collaborators, or other third parties shall be limited to recorded purpose, recorded authority, contractual controls where applicable, security requirements, logging, revocation, and boundary language.

8.12.7(g) Credential compromise, suspected compromise, overbroad credential permission, leaked secret, expired key misuse, unlogged token use, unauthorized service account activity, or uncontrolled credential sharing shall be treated as a security and evidence-integrity event requiring review and remediation.

8.12.7(h) Remediation may include revocation, rotation, access restriction, workload hold, environment quarantine, output hold, incident response, downstream dependency review, public-safe correction where required, controlled notice, legal review, and board reporting where material.

8.12.7(i) The controlling rule shall be that control of keys, tokens, secrets, and credentials is control of compute authority, and therefore must be tightly bounded, logged, revocable, and correctable.

***

8.12.8 Data Residency, Localization, Cross-Border Transfer, and Sovereign Data Controls.\
8.12.8(a) GCRI Canada shall maintain data residency, localization, cross-border transfer, and sovereign data controls for compute environments and workloads involving personal information, rights-bearing data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, finance-sensitive data, commercially sensitive data, source-protected information, controlled technology, export-controlled material, sanctions-sensitive material, or other restricted data.

8.12.8(b) Data residency controls shall identify where data are stored, processed, cached, logged, backed up, replicated, indexed, embedded, retrieved, displayed, exported, archived, deleted, or sealed.

8.12.8(c) Localization controls shall identify legal, contractual, public authority, community, Indigenous, sovereign, sectoral, or institutional requirements requiring data to remain within a jurisdiction, data zone, public authority environment, Indigenous or community data environment, sovereign cloud, secure research environment, or compute-to-data environment.

8.12.8(d) Cross-border transfer controls shall identify transfer route, source jurisdiction, destination jurisdiction, recipient, provider, subprocessors, legal basis, contractual safeguards, public authority restrictions, conflict-of-law risk, access-by-foreign-actor risk, cloud-region risk, support-access risk, model-provider risk, AI-use risk, logging risk, and return or deletion requirements.

8.12.8(e) Sovereign data controls shall include sovereign data zone designation, localization requirements, compute-to-data requirements, public authority data requirements, Indigenous data considerations, community data safeguards, national data infrastructure requirements, jurisdictional access limits, and cross-border escalation triggers.

8.12.8(f) Data shall not be transferred, replicated, embedded, cached, used for training, exposed to model providers, exported through APIs, placed in dashboards, included in maps, or made public-safe without review of residency, localization, transfer, sovereign data, privacy, cybersecurity, public-safe, and protected knowledge obligations where applicable.

8.12.8(g) Where an environment cannot satisfy residency, localization, cross-border transfer, or sovereign data controls, the workload shall be moved, narrowed, redesigned, handled through compute-to-data, placed in a controlled environment, restricted, suspended, or refused.

8.12.8(h) The controlling rule shall be that compute environments must respect where data may lawfully and safely live, move, be processed, be viewed, be summarized, and be corrected.

***

8.12.9 Environment Decommissioning, Migration, Backup, Disaster Recovery, and Exit Readiness.\
8.12.9(a) GCRI Canada shall maintain environment decommissioning, migration, backup, disaster recovery, and exit readiness controls for material compute environments.

8.12.9(b) Decommissioning shall identify affected environments, workloads, data, models, code, logs, outputs, credentials, keys, secrets, access rights, backups, archives, dependencies, public-safe outputs, controlled-room outputs, and correction paths before termination or disposal.

8.12.9(c) Migration shall preserve source lineage, data lineage, method records, model records, workload records, access logs, output version logs, dependency links, public-safe status, classification, permissions, retention status, correction paths, and boundary language when workloads, data, models, code, logs, outputs, or repositories move between environments.

8.12.9(d) Backup controls shall identify backup scope, frequency, storage location, encryption status, access controls, retention period, restoration process, deletion process, sealing process where applicable, public authority restrictions, sovereign data constraints, protected knowledge constraints, and recovery testing.

8.12.9(e) Disaster recovery controls shall identify recovery objectives, restoration priority, critical workloads, critical records, critical logs, public-safe outputs, controlled-room outputs, repository continuity, key recovery, credential recovery, incident communication, governance escalation, and dependency review.

8.12.9(f) Exit readiness shall address provider exit, sponsor exit, host exit, cloud exit, model-provider exit, repository exit, public authority environment exit, National Company or Project SPV interface exit, data-room exit, clean-room exit, API exit, and software dependency exit.

8.12.9(g) Decommissioning, migration, backup, disaster recovery, and exit activities shall not silently delete evidence, break correction paths, expose restricted data, compromise protected knowledge, lose audit logs, invalidate dependency records, create public-safe errors, or create provider lock-in, sponsor control, public authority confusion, finance overclaim, or execution drift.

8.12.9(h) Where records, logs, outputs, credentials, backups, or dependencies cannot be safely preserved or disposed of, GCRI Canada shall apply sealing, legal hold, controlled migration, restricted access, board escalation, legal review, cybersecurity review, privacy review, safeguards review, or other protective action.

8.12.9(i) The controlling rule shall be that compute environments must be able to end, move, fail, recover, and exit without destroying evidence integrity, correctionability, or public trust.

***

8.12.10 Compute Environment Records, Exceptions, Reviews, Incidents, and Corrections.\
8.12.10(a) GCRI Canada shall maintain, or cause to be maintained, compute environment records, exception records, review records, incident records, and correction records for material compute environments.

8.12.10(b) Compute environment records shall identify environment title or identifier, environment type, owner, custodian, steward, provider where any, jurisdiction, data residency status, localization status, cross-border transfer status, approved workload classes, prohibited workload classes, approved data classes, prohibited data classes, access model, security controls, logging controls, monitoring controls, key and credential controls, backup controls, disaster recovery controls, decommissioning path, review cycle, exception status, incident history, public-safe status, sovereign data status, protected knowledge status, and correction path.

8.12.10(c) Exception records shall identify the requested exception, environment affected, workload affected, data affected, reason, risk, compensating controls, approving actor, approval duration, review date, expiration, prohibited uses, monitoring requirements, notice requirements, and closeout condition.

8.12.10(d) Review records shall identify review scope, reviewer, review date, evidence reviewed, environment configuration, access records, security posture, privacy posture, sovereign data posture, public-safe posture, protected knowledge posture, public authority posture, finance-boundary posture, provider-neutrality posture, sponsor non-control posture, findings, corrective actions, escalation, and closeout status.

8.12.10(e) Incident records shall identify incident type, environment affected, workload affected, data affected, source of detection, date, severity, access effect, confidentiality effect, integrity effect, availability effect, public-safe effect, privacy effect, cybersecurity effect, sovereign data effect, protected knowledge effect, public authority effect, finance effect, provider effect, sponsor effect, downstream dependency effect, response actions, notice decisions, correction actions, and closeout status.

8.12.10(f) Correction records shall identify corrected environment control, prior status, corrected status, reason, reviewer, approving actor where applicable, effective date, affected workloads, affected outputs, affected logs, affected dependencies, residual risk, notice decision, and archive treatment.

8.12.10(g) Environment records shall be linked, where applicable, to Compute Workload Records, Compute Workload Register entries, Dataset Register entries, Model Register entries, Method Register entries, Evidence Register entries, Observability Register entries, Truth Engine audit logs, Output Class Register entries, Correction Register entries, Dependency Register entries, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, Nexus interface records, and public claims records.

8.12.10(h) Compute environment records, exceptions, reviews, incidents, and corrections shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.12.10(i) The controlling rule shall be that compute environment authority must be recorded, exceptions must be bounded, reviews must be recurring, incidents must be corrected, and environment records must remain linked to the evidence architecture they support.

### 8.13 Sovereign Compute, Secure Enclaves, Confidential Computing, Compute-to-Data, and Air-Gapped Environments

8.13.1 Sovereign Compute Alignment.\
8.13.1(a) GCRI Canada shall align material Verifiable Compute involving sovereign-sensitive materials, public authority data, community-protected data, Indigenous or protected knowledge, rights-bearing data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, controlled technology, or other restricted materials with applicable sovereign compute requirements.

8.13.1(b) Sovereign compute alignment shall include assessment of jurisdiction, data residency, localization, public authority restrictions, Indigenous data considerations, community data safeguards, cross-border transfer limits, conflict-of-law risk, provider access, support access, cloud-region risk, subcontractor access, model-provider access, AI-use limits, logging location, backup location, archive location, deletion controls, and lawful retrieval limits.

8.13.1(c) Sovereign compute may include sovereign cloud, national data infrastructure, public authority-controlled environments, compute-to-data environments, secure research environments, clean rooms, controlled rooms, on-premise environments, edge environments, secure enclaves, confidential computing environments, or other jurisdictionally controlled compute arrangements.

8.13.1(d) Sovereign compute alignment shall not be presumed merely because an environment is labelled sovereign, locally hosted, government-used, public-sector aligned, university-hosted, provider-certified, sponsor-supported, or technically secure. The environment must be reviewed against the actual workload, data class, evidence class, public-safe status, legal context, access model, provider relationship, and correction path.

8.13.1(e) Sovereign compute alignment shall preserve GCRI Canada’s non-execution role. It shall not make GCRI Canada the operator of sovereign infrastructure, public authority system, national data infrastructure, telecommunications system, licensed market infrastructure, emergency-management system, public warning system, procurement system, or execution platform.

8.13.1(f) Where sovereign compute restrictions conflict with openness, reproducibility, public-safe publication, cross-border research, provider tooling, AI-model access, cloud convenience, sponsor expectations, or public-facing timelines, GCRI Canada shall prefer the lawful, sovereignty-compatible, public-safe, privacy-preserving, security-controlled, and records-valid interpretation.

8.13.1(g) Where a workload cannot be made sovereign-compute compatible at a level proportionate to its risk, GCRI Canada shall hold, narrow, relocate, restrict, redesign, process through compute-to-data, move into secure enclave or controlled room, refuse, or escalate the workload.

8.13.1(h) The controlling rule shall be that sovereign compute alignment is not a technical preference; it is a constitutional evidence condition where data, authority, community, jurisdiction, or public trust requires lawful and bounded control over where compute occurs and who may access it.

***

8.13.2 Secure Enclaves for Sensitive, Restricted, Public Authority, Health-Sensitive, Infrastructure-Sensitive, Cyber-Sensitive, Community-Protected, or Protected Knowledge Materials.\
8.13.2(a) GCRI Canada may require secure enclaves, trusted execution environments, confidential computing environments, secure research environments, controlled clean rooms, controlled data rooms, or equivalent protected environments for workloads involving sensitive, restricted, public authority, health-sensitive, infrastructure-sensitive, cyber-sensitive, community-protected, Indigenous or protected knowledge, sovereign-sensitive, finance-sensitive, commercially sensitive, source-protected, or controlled-technology materials.

8.13.2(b) Secure enclave use shall be considered where ordinary compute environments cannot sufficiently preserve confidentiality, integrity, access control, workload isolation, source protection, data minimization, controlled disclosure, public-safe output review, sovereign data controls, protected knowledge safeguards, or correctionability.

8.13.2(c) Secure enclave records shall identify enclave purpose, owner, custodian, steward, provider where any, jurisdiction, data classes, evidence classes, approved workloads, prohibited workloads, approved users, prohibited users, access method, export method, logging status, monitoring status, attestation status where any, key controls, credential controls, output review requirements, declassification controls, retention treatment, and correction path.

8.13.2(d) Secure enclaves shall not be used to conceal weak evidence, suppress challenge, avoid correction, hide sponsor influence, hide provider influence, bypass public-safe review, evade public authority restrictions, avoid privacy obligations, avoid cybersecurity controls, or prevent lawful governance oversight.

8.13.2(e) Materials processed in secure enclaves shall not be exported, summarized, screenshotted, copied, downloaded, embedded, trained on, retrieved from, exposed to AI systems, or used in public-safe outputs except as expressly permitted by the enclave rules and applicable workload record.

8.13.2(f) Secure enclave use shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.13.2(g) Where secure enclave controls fail, are bypassed, are misconfigured, are no longer adequate, or are inconsistent with workload classification, GCRI Canada shall hold affected workloads, restrict access, quarantine outputs, rotate credentials, preserve logs, conduct incident review, correct affected records, and review downstream dependencies.

8.13.2(h) The controlling rule shall be that secure enclaves protect sensitive evidence by constraining access and output, not by making the evidence automatically valid, public-safe, official, financial, certified, or executable.

***

8.13.3 Confidential Computing and Attestation Where Appropriate.\
8.13.3(a) GCRI Canada may use confidential computing, trusted execution environments, hardware-assisted isolation, cryptographic attestation, signed workload records, secure boot evidence, measured execution records, or equivalent techniques where appropriate to strengthen workload integrity, access control, confidentiality, auditability, and correctionability.

8.13.3(b) Confidential computing may be appropriate where workloads involve sensitive datasets, AI inference, model evaluation, benchmark execution, secure research, public authority data, sovereign-sensitive data, cyber-sensitive data, infrastructure-sensitive data, health-sensitive data, protected knowledge, source-protected data, cross-institution collaboration, provider environments, cloud environments, or controlled-room outputs.

8.13.3(c) Attestation records may identify environment identity, workload identity, code identity, model identity, configuration identity, hardware or enclave status where material, runtime state where appropriate and safe, signing actor or system, verification actor, verification date, limitations, public-safe status, permitted use, prohibited use, and correction path.

8.13.3(d) Attestation shall not be treated as proof that underlying data are accurate, methods are valid, models are unbiased, outputs are true, public-safe classification is correct, permissions are adequate, public authority meaning exists, finance-readiness exists, provider endorsement exists, sponsor approval exists, or execution authority exists.

8.13.3(e) Confidential computing shall be accompanied by governance controls, including workload authority, access controls, key management, secrets management, source records, data lineage records, method records, model records, reviewer records, output records, public-safe review, and correction paths.

8.13.3(f) Where attestation is unavailable, incomplete, failed, disputed, stale, misconfigured, unverifiable, or inconsistent with recorded workload status, GCRI Canada shall not overstate compute integrity and shall determine whether to rerun, restrict, qualify, downgrade, correct, suspend, withdraw, or archive affected outputs.

8.13.3(g) Confidential computing records and attestations shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.13.3(h) The controlling rule shall be that confidential computing may strengthen proof of how compute ran, but it does not prove that what the compute concluded is authoritative.

***

8.13.4 Compute-to-Data as Default for Restricted or Sovereign-Sensitive Materials.\
8.13.4(a) GCRI Canada shall treat compute-to-data as the default preferred design pattern for restricted or sovereign-sensitive materials where moving data would create unacceptable privacy, cybersecurity, sovereign data, public authority, protected knowledge, community, legal, contractual, export-control, sanctions, source-protection, or public-safe risk.

8.13.4(b) Compute-to-data shall mean that approved methods, code, models, queries, tools, or reviewers are brought to the controlled data environment, rather than exporting the restricted data into a less controlled environment.

8.13.4(c) Compute-to-data shall be considered for public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, rights-bearing data, finance-sensitive data, commercially sensitive data, source-protected information, controlled technology, restricted geospatial data, sensitive telemetry, and materials subject to localization, data-sharing, or confidentiality restrictions.

8.13.4(d) Compute-to-data records shall identify controlled environment, data custodian, workload purpose, approved code or method, approved model where any, approved query where any, reviewer, permitted outputs, prohibited outputs, export controls, public-safe review, logging, attestation where any, deletion treatment, retention treatment, and correction path.

8.13.4(e) Outputs from compute-to-data environments shall be subject to output review before export, including review for privacy, re-identification, inference risk, cybersecurity, public authority restrictions, sovereign data, protected knowledge, community safety, public-safe classification, finance-boundary risk, provider-neutrality risk, sponsor non-control risk, and boundary language.

8.13.4(f) Compute-to-data shall not be used to bypass data-owner rights, community protocols, Indigenous protocols, public authority restrictions, legal restrictions, consent or non-consent conditions, data minimization, purpose limitation, or public-safe review.

8.13.4(g) Where compute-to-data outputs are used in Truth Engine outputs, Observatory outputs, dashboards, maps, Evidence Packs, Decision Packs, public-safe reports, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, or public claims, the receiving output shall preserve limitations, classification, permitted use, prohibited use, and correction path.

8.13.4(h) The controlling rule shall be that restricted data should move only when lawful, necessary, safe, and records-valid; otherwise compute should move to the data.

***

8.13.5 Air-Gapped or No-Download Environments for High-Risk Materials.\
8.13.5(a) GCRI Canada may require air-gapped, partially air-gapped, no-download, network-restricted, export-restricted, offline, controlled-transfer, or equivalent environments for high-risk materials where ordinary networked or export-capable environments create unacceptable risk.

8.13.5(b) High-risk materials may include cyber-sensitive evidence, infrastructure-sensitive evidence, public authority restricted evidence, national or sovereign-sensitive materials, protected knowledge, Indigenous or community-sensitive materials, controlled technology, export-controlled materials, sanctions-sensitive materials, source-protected materials, vulnerability-sensitive materials, exploit-sensitive materials, sensitive geospatial layers, sensitive sensor records, confidential witness or participant materials, and high-consequence dispute records.

8.13.5(c) Air-gapped or no-download environment records shall identify isolation model, network status, import rules, export rules, media controls, transfer approvals, device controls, logging, monitoring, reviewer access, output review, deletion treatment, sealing treatment, archive treatment, incident path, and correction path.

8.13.5(d) No-download controls shall prohibit unauthorized download, copy, screenshot, screen recording, export, local sync, model ingestion, embedding, training, printing, photograph, external API call, external storage, or redistribution of restricted materials.

8.13.5(e) Controlled exports from air-gapped or no-download environments shall be subject to output review, redaction, aggregation, de-identification where appropriate, metadata review, public-safe review, classification review, legal review where required, and approval records.

8.13.5(f) Air-gapped status shall not excuse lack of evidence records, method records, model records, reviewer records, output records, confidence treatment, uncertainty treatment, limitation statements, public-safe review, or correction paths.

8.13.5(g) Where air-gapped or no-download controls are breached or suspected to be breached, GCRI Canada shall treat the event as a security, evidence-integrity, and public-safe event requiring access restriction, incident response, affected-output review, dependency review, correction, notice where required, and escalation where material.

8.13.5(h) The controlling rule shall be that high-risk materials require environments that limit movement, but limited movement must still preserve auditability, reviewability, and correctionability.

***

8.13.6 Secure Collaboration, Clean Room, Controlled Room, and Data Room Integration.\
8.13.6(a) GCRI Canada may integrate sovereign compute, secure enclaves, confidential computing, compute-to-data, and air-gapped environments with secure collaboration, clean room, controlled room, and data room practices where such integration is necessary for public-benefit evidence review, technical review, public authority learning, GRF input, GRA input, Protocol Authority support, public-safe publication, or correction.

8.13.6(b) Secure collaboration environments shall identify participant roles, institutional capacities, access authority, confidentiality obligations, permitted uses, prohibited uses, export rules, AI-use rules, recording rules, citation rules, redistribution rules, public-safe summary rules, correction path, and closeout rules.

8.13.6(c) Clean rooms shall be used where multiple parties need to compare, analyze, or validate restricted information without transferring underlying sensitive data beyond approved controls. Clean-room rules shall define data contribution, compute method, output review, export review, privacy controls, public authority controls, sovereign data controls, protected knowledge controls, provider-neutrality controls, sponsor non-control controls, and correction paths.

8.13.6(d) Controlled rooms shall be used where sensitive outputs, evidence, models, dashboards, maps, technical annexes, or dispute materials require access-limited review by authorized persons under recorded purpose and boundary conditions.

8.13.6(e) Data rooms shall be used where evidence, datasets, models, methods, technical annexes, public authority materials, finance-sensitive materials, provider materials, sponsor materials, host materials, or Project SPV / National Company interface materials require structured access, logs, permissions, no-advice language where applicable, no-endorsement language where applicable, public-safe controls, and correction paths.

8.13.6(f) Secure collaboration, clean rooms, controlled rooms, and data rooms shall not create approval, certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.13.6(g) Where secure collaboration outputs are converted into public-safe summaries, dashboards, maps, reports, Evidence Packs, Decision Packs, GRF inputs, GRA inputs, Protocol Authority support, public authority materials, finance-facing materials, provider materials, sponsor materials, community-facing materials, or public claims, GCRI Canada shall apply output review, boundary review, public-safe review, dependency review, and correction review.

8.13.6(h) The controlling rule shall be that secure collaboration enables controlled evidence work across roles, but it does not merge roles, create authority, or release evidence from its recorded limits.

***

8.13.7 Cross-Border Compute Restrictions.\
8.13.7(a) GCRI Canada shall maintain cross-border compute restrictions for workloads where data, models, code, logs, outputs, metadata, prompts, queries, retrieval records, embeddings, backups, or archives may cross jurisdictions or become accessible from outside the approved jurisdiction.

8.13.7(b) Cross-border compute restrictions shall apply where workloads involve personal information, rights-bearing data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, finance-sensitive data, commercially sensitive data, source-protected information, controlled technology, export-controlled material, sanctions-sensitive material, or other restricted content.

8.13.7(c) Cross-border review shall identify source jurisdiction, destination jurisdiction, cloud region, provider access, support access, subcontractor access, model-provider access, public authority access, data residency, localization requirements, conflict-of-law risk, compelled access risk, transfer mechanism, contractual safeguards, technical safeguards, public-safe implications, deletion or return requirements, and correction path.

8.13.7(d) Cross-border compute shall not proceed where transfer, access, processing, caching, logging, embedding, training, retrieval, backup, support, or export would violate law, public authority restrictions, community restrictions, Indigenous or protected knowledge restrictions, contract, privacy obligations, cybersecurity obligations, sanctions, export-control rules, or sovereign data requirements.

8.13.7(e) Where cross-border compute is lawful but risk-bearing, GCRI Canada shall apply safeguards proportionate to risk, including localization, compute-to-data, secure enclave processing, contractual controls, encryption, access restriction, support-access limits, log minimization, controlled output review, public-safe review, and dependency tracking.

8.13.7(f) Cross-border compute shall not be justified merely by convenience, cost, tool availability, provider preference, sponsor preference, model availability, public authority interest, research speed, event timing, or public-facing urgency.

8.13.7(g) Where cross-border compute restrictions are breached or suspected to be breached, GCRI Canada shall conduct incident review, legal review where required, privacy review, cybersecurity review, sovereign data review, public authority review where applicable, protected knowledge review where applicable, correction, notice where required, and downstream dependency review.

8.13.7(h) The controlling rule shall be that compute crosses borders only when lawful, necessary, safe, bounded, logged, and correctionable.

***

8.13.8 Public Authority Data Compute Controls.\
8.13.8(a) GCRI Canada shall maintain public authority data compute controls for workloads involving data, records, systems, outputs, references, restrictions, or contexts provided by, derived from, hosted by, or associated with public authorities.

8.13.8(b) Public authority data compute controls shall identify public authority source, capacity classification, official or non-official status, data-sharing authority, permitted use, prohibited use, confidentiality, publication restrictions, access restrictions, retention restrictions, transfer restrictions, public-safe status, public authority reference controls, and correction path.

8.13.8(c) Public authority data shall not be processed in a compute environment unless the environment satisfies applicable public authority restrictions, privacy requirements, cybersecurity requirements, data residency requirements, localization requirements, public-sector security requirements, access logging, output review, public-safe review, and deletion or return requirements.

8.13.8(d) Public authority data compute shall not create public authority decision, official guidance, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public adoption, sovereign obligation, enforcement position, compliance determination, safe harbor, or delegation to GCRI Canada.

8.13.8(e) Public authority names, logos, titles, agency references, jurisdiction references, public finance references, emergency-management references, regulator-listening references, and public-sector data references in compute outputs shall be controlled to prevent endorsement, adoption, procurement implication, regulatory implication, funding implication, public-warning implication, or sovereign-obligation implication.

8.13.8(f) Where public authority data compute produces public-safe outputs, controlled annexes, dashboards, maps, Evidence Packs, Decision Packs, GRF inputs, GRA inputs, Protocol Authority support, or public claims, output review shall preserve public authority boundaries and any required non-delegation, non-endorsement, non-warning, non-procurement, non-funding, non-public-finance, non-regulatory, and correction language.

8.13.8(g) Where public authority data compute is corrected, disputed, restricted, reclassified, superseded, withdrawn, retracted, or challenged by a competent public authority, GCRI Canada shall update affected records, restrict affected outputs where necessary, and review downstream dependencies.

8.13.8(h) The controlling rule shall be that public authority data may support public-good evidence only within public authority boundaries and never as delegated public power.

***

8.13.9 Community and Indigenous Knowledge Compute Controls.\
8.13.9(a) GCRI Canada shall maintain community and Indigenous knowledge compute controls for workloads involving community-protected data, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, traditional ecological knowledge, sensitive-site information, community vulnerability information, informal infrastructure knowledge, lived experience, protected knowledge, or knowledge shared under conditions of trust.

8.13.9(b) Community and Indigenous knowledge compute controls shall treat such materials as rights-bearing, context-bearing, relationship-bearing, safeguard-bearing, and public-safe-sensitive, not merely as extractive data inputs.

8.13.9(c) Compute involving community or Indigenous knowledge shall identify authority, consent or non-consent where applicable, community protocol, Indigenous protocol where applicable, cultural context, territorial context, permitted use, prohibited use, access limits, processing limits, AI-use limits, training-use limits, embedding-use limits, retrieval-use limits, transfer limits, publication limits, withdrawal or challenge pathway where applicable, and correction path.

8.13.9(d) Community or Indigenous knowledge shall not be processed through AI systems, model training, embeddings, retrieval systems, geospatial systems, dashboards, maps, public-safe summaries, or cross-border environments unless lawful, authorized, safeguarded, public-safe, and consistent with applicable protocols and trust conditions.

8.13.9(e) Compute outputs derived from community or Indigenous knowledge shall be reviewed to prevent exposure of protected persons, sensitive places, sacred sites, cultural knowledge, environmental vulnerabilities, community-protected information, retaliatory risk, source exposure, extraction, erasure, misattribution, decontextualization, or misuse.

8.13.9(f) Where community or Indigenous knowledge cannot safely be disclosed, GCRI Canada may use controlled-room review, compute-to-data, aggregation, redaction, generalized public-safe summaries, responsible non-disclosure, or no-publication treatment.

8.13.9(g) Community and Indigenous knowledge compute shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.13.9(h) The controlling rule shall be that compute involving community and Indigenous knowledge must preserve relationship, authority, context, protection, and trust before it produces output.

***

8.13.10 Secure Enclave and Compute-to-Data Records, Access Logs, Output Reviews, and Declassification Controls.\
8.13.10(a) GCRI Canada shall maintain, or cause to be maintained, secure enclave records, compute-to-data records, access logs, output reviews, declassification controls, release records, correction records, and archive records for material workloads conducted in secure enclaves, confidential computing environments, compute-to-data environments, air-gapped environments, no-download environments, clean rooms, controlled rooms, secure research environments, and data rooms.

8.13.10(b) Secure enclave and compute-to-data records shall identify environment title or identifier, workload title or identifier, owner, custodian, steward, provider where any, jurisdiction, data classes, evidence classes, purpose, approved users, approved methods, approved code, approved models where any, approved queries where any, access controls, import controls, export controls, logging, attestation where any, isolation status, public-safe status, permitted use, prohibited use, review status, correction path, and archive path.

8.13.10(c) Access logs shall identify, where appropriate and lawful, user or actor identity, role, organization, capacity, access authority, access date, access time, resource accessed, output version accessed, access method, access purpose, export activity, download attempt, screenshot attempt where controlled, API activity, modification activity, sharing activity, denied access attempts, and anomalous access events.

8.13.10(d) Output reviews shall assess whether any output leaving a secure enclave, compute-to-data environment, air-gapped environment, no-download environment, clean room, controlled room, or data room is lawful, authorized, classified correctly, privacy-preserving, cybersecurity-safe, sovereign-data compatible, public authority-safe, protected-knowledge-safe, community-safe, finance-safe, provider-neutral, sponsor-non-controlling, limitation-aware, confidence-aware, uncertainty-aware, and correctionable.

8.13.10(e) Declassification controls shall identify prior classification, proposed classification, reason for declassification, reviewer, approving actor, affected data, affected sources, affected methods, affected outputs, redactions, aggregations, generalizations, residual risk, public-safe notes, permitted use, prohibited use, boundary language, notice decision, effective date, and correction path.

8.13.10(f) No output shall be declassified, exported, published, summarized, used in public-safe materials, used in public authority materials, used in finance-facing materials, used in provider materials, used in sponsor materials, used in community-facing materials, used in GRF inputs, used in GRA inputs, used in Protocol Authority support, or used in public claims unless release is supported by proper record, review, classification, boundary language, and correction path.

8.13.10(g) Where output review or declassification reveals defect, overclaim, unsafe disclosure, unauthorized access, misclassification, public authority ambiguity, finance-boundary risk, provider preference, sponsor influence, protected knowledge risk, privacy risk, cyber risk, sovereign data risk, or community harm risk, the output shall be held, restricted, corrected, reclassified, downgraded, superseded, withdrawn, or refused.

8.13.10(h) Records under this section shall be linked, where applicable, to Compute Workload Records, Compute Environment Records, Evidence Register entries, Dataset Register entries, Model Register entries, Method Register entries, Observability Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, and Nexus interface records.

8.13.10(i) Secure enclave records, compute-to-data records, access logs, output reviews, and declassification records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.13.10(j) The controlling rule shall be that protected compute environments must control not only who enters and what runs, but also what leaves, what it means, who may use it, and how it can be corrected.

### 8.14 Verifiable Intelligence Purpose

8.14.1 Verifiable Intelligence as Public-Good Intelligence Produced Through Evidence, Methods, Source Lineage, Model Governance, Human Review, Confidence, Limitations, Classification, and Correction.\
8.14.1(a) GCRI Canada may steward Verifiable Intelligence as public-good intelligence produced through evidence, methods, source lineage, provenance, custody, data lineage, model governance, human review where material, confidence treatment, uncertainty treatment, limitation statements, classification, public-safe review, access controls, handling controls, dependency tracking, and correction.

8.14.1(b) Verifiable Intelligence shall mean intelligence-like outputs whose evidentiary basis, source authority, method, data inputs, model inputs, compute process where material, reviewer records, output class, audience, public-safe status, confidence, uncertainty, limitations, permitted use, prohibited use, boundary language, and correction path are recorded or capable of being established through an equivalent records-valid system.

8.14.1(c) Verifiable Intelligence may include systemic-risk intelligence, resilience intelligence, infrastructure intelligence, technology intelligence, AI intelligence, cyber intelligence, climate intelligence, WEFH intelligence, biosecurity intelligence, energy intelligence, supply-chain intelligence, public-trust intelligence, observability intelligence, public authority learning intelligence, GRF input intelligence, GRA input intelligence, Protocol Authority input intelligence, Nexus Observatory intelligence, Nexus Rails intelligence, Nexus Grid intelligence, Nexus Academy intelligence, and public-safe technical intelligence.

8.14.1(d) Verifiable Intelligence shall be produced only within GCRI Canada’s public-benefit, non-executing, evidence-and-methods mandate. It shall not be produced as covert intelligence, law enforcement intelligence, military intelligence, national security intelligence, public authority intelligence, financial intelligence product, commercial surveillance product, market intelligence product, procurement intelligence product, provider ranking product, sponsor report for control, or execution command.

8.14.1(e) Verifiable Intelligence shall preserve the distinction between evidence, analysis, inference, assumption, model output, AI output, scenario output, confidence, uncertainty, limitation, public-safe summary, controlled annex, and downstream decision.

8.14.1(f) Verifiable Intelligence shall not treat AI fluency, model confidence, dashboard visibility, source volume, public authority interest, sponsor support, provider participation, capital-reader interest, media circulation, cryptographic anchoring, compute reproducibility, or Nexus visibility as a substitute for evidence, method, review, limitation, and correction.

8.14.1(g) Where Verifiable Intelligence materially affects public-safe outputs, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority support, Observatory outputs, Rails handoffs, Grid records, Academy materials, provider materials, sponsor materials, host materials, community-facing materials, public claims, or downstream dependencies, it shall be recorded, reviewed, bounded, and correctionable.

8.14.1(h) The controlling rule shall be that Verifiable Intelligence is public-good intelligence only when its intelligence value is inseparable from evidence integrity, method discipline, source lineage, model governance, human review where material, confidence, limitations, classification, and correction.

***

8.14.2 Verifiable Intelligence as Distinct From Secret Intelligence, Law Enforcement Intelligence, Military Intelligence, Public Authority Determination, or Official Public Warning by GCRI Canada.\
8.14.2(a) Verifiable Intelligence shall be distinct from secret intelligence, classified state intelligence, law enforcement intelligence, military intelligence, national security intelligence, public authority determination, public warning, emergency command, regulatory finding, enforcement position, procurement decision, public finance approval, official guidance, sovereign obligation, or public-law act by GCRI Canada.

8.14.2(b) GCRI Canada shall not use Verifiable Intelligence to conduct surveillance, intelligence collection on persons, law enforcement analysis, military targeting, security-service activity, public authority investigation, emergency command, public warning issuance, regulatory enforcement, procurement decision-making, public finance determination, or operational control.

8.14.2(c) Verifiable Intelligence may use public records, public authority context, restricted evidence where authorized, cyber evidence, infrastructure evidence, observability evidence, geospatial evidence, Earth observation, AI-RAN signals, DePIN telemetry, digital twins, simulations, public-safe dashboards, community context, and technical sources, but such use shall not convert GCRI Canada into a public authority, intelligence agency, law enforcement actor, military actor, emergency authority, or public warning system.

8.14.2(d) Public authority participation, public authority data contribution, regulator-listening presence, emergency-management presence, public finance presence, public authority room participation, public-sector workshop attendance, public authority quotation, agency reference, logo reference, or public-sector use of Verifiable Intelligence shall not create public authority determination or delegation to GCRI Canada.

8.14.2(e) Where Verifiable Intelligence addresses high-consequence risk, hazard, cyber, infrastructure, climate, health-adjacent, public safety, or emergency-adjacent topics, GCRI Canada shall preserve public warning and emergency-command boundary language and shall not direct public action as though it held public authority.

8.14.2(f) Where a competent public authority, law enforcement body, emergency-management actor, regulator, public finance actor, public health actor, or other public body uses Verifiable Intelligence within its own lawful process, such use shall remain the public body’s own use within its own authority, records, procedures, duties, and liabilities.

8.14.2(g) Where Verifiable Intelligence is misread or misused as secret intelligence, law enforcement intelligence, military intelligence, public authority determination, official guidance, public warning, emergency command, regulatory finding, procurement approval, funding approval, or sovereign obligation, GCRI Canada shall correct, clarify, restrict, withdraw, reissue, or notify affected interfaces as appropriate.

8.14.2(h) The controlling rule shall be that GCRI Canada may produce public-good intelligence for learning and evidence support, but shall not produce state, enforcement, military, public-warning, or public-law intelligence by default.

***

8.14.3 Verifiable Intelligence as Public-Safe Where Released Externally.\
8.14.3(a) Verifiable Intelligence released externally shall be public-safe or controlled-room safe according to its output class, audience, evidence class, data class, public authority relevance, finance relevance, provider relevance, sponsor relevance, community relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, legal sensitivity, and downstream dependency.

8.14.3(b) Public-safe Verifiable Intelligence shall be reviewed to ensure that it does not disclose personal information, rights-bearing data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, source-protected information, commercial sensitivity, finance-sensitive information, controlled technology, exploit details, security controls, confidential materials, or unsafe geospatial detail unless lawful, authorized, safe, mission-compatible, and records-valid.

8.14.3(c) Public-safe Verifiable Intelligence shall state or preserve, where material, source limits, method limits, data limits, model limits, AI limits, uncertainty, confidence, assumptions, proxies, gaps, inference chains, public-safe omissions, responsible non-disclosure basis, permitted use, prohibited use, boundary language, and correction path.

8.14.3(d) Where full Verifiable Intelligence cannot be publicly released without unsafe disclosure, GCRI Canada may issue public-safe summaries, controlled annexes, restricted Evidence Packs, controlled-room outputs, public authority learning materials, GRF-facing materials, GRA-facing materials, Protocol Authority-facing materials, or targeted notices according to classification and audience.

8.14.3(e) Public-safe release shall not mean unrestricted reuse, public authority approval, finance-readiness, certification, recognition, procurement relevance, provider endorsement, sponsor approval, protocol effect, public warning, emergency command, operational clearance, legal status, market authority, infrastructure operation, or execution readiness.

8.14.3(f) Public-safe Verifiable Intelligence shall be reviewed for title, framing, labels, charts, maps, dashboard colors, scores, confidence displays, captions, logos, public authority references, provider references, sponsor acknowledgments, finance-facing language, Nexus references, metadata, file names, repository descriptions, and social summaries where material.

8.14.3(g) Where externally released Verifiable Intelligence becomes inaccurate, stale, unsafe, overclaimed, misclassified, misused, misread, or no longer fit for purpose, GCRI Canada shall correct, restrict, supersede, withdraw, retract, relabel, reissue, or issue public-safe or controlled correction notice as appropriate.

8.14.3(h) The controlling rule shall be that Verifiable Intelligence may leave controlled settings only when its public or external meaning is safe, bounded, limitation-aware, and correctionable.

***

8.14.4 Verifiable Intelligence for Systemic Risk, Resilience, Infrastructure, AI, Cyber, Climate, WEFH, Biosecurity, Energy, Supply Chain, Public Trust, and Exponential Technology Contexts.\
8.14.4(a) GCRI Canada may steward Verifiable Intelligence for systemic risk, resilience, infrastructure, AI, cyber, climate, water, energy, food, health, biosecurity, energy systems, supply chains, public trust, exponential technologies, and related public-good contexts.

8.14.4(b) Systemic-risk and resilience Verifiable Intelligence may address interdependencies, cascading risks, degraded modes, continuity, fragility, adaptation, recovery, critical services, community resilience, institutional resilience, public authority learning, technical baselines, and public-safe risk legibility.

8.14.4(c) Infrastructure Verifiable Intelligence may address telecommunications, AI-RAN, O-RAN, private wireless, DePIN, digital infrastructure, compute infrastructure, geospatial infrastructure, cyber infrastructure, energy infrastructure, water infrastructure, food systems, health-adjacent systems, transportation, supply chains, public facilities, and community infrastructure, provided that GCRI Canada does not become an infrastructure operator or emergency commander.

8.14.4(d) AI and cyber Verifiable Intelligence may address model behavior, AI system risks, AI governance, AI observability, cyber evidence, vulnerabilities in public-safe form, incident-adjacent evidence, secure research, model evaluation, benchmark evidence, prompt or retrieval risk, data leakage risk, adversarial manipulation, and public-safe cyber literacy.

8.14.4(e) Climate, WEFH, biosecurity, energy, and supply-chain Verifiable Intelligence may address hazards, exposures, dependencies, vulnerabilities, adaptation, resilience, stress indicators, system conditions, scenario outputs, uncertainty, evidence gaps, and public-safe learning without issuing public warnings, public health orders, emergency commands, regulatory findings, or operational instructions.

8.14.4(f) Public trust Verifiable Intelligence may address claims discipline, evidence integrity, public-safe communication, misinformation-adjacent risks, public authority boundaries, sponsor and provider influence, confidence, uncertainty, correctionability, and institutional trust safeguards.

8.14.4(g) Exponential technology Verifiable Intelligence may address AI, AI-RAN, blockchain, DLT, Web3, quantum-relevant systems, HPC, sovereign compute, cyber, robotics, drones, sensing, Earth observation, geospatial systems, digital twins, biosecurity, climate technologies, energy technologies, advanced manufacturing, semiconductors, and related convergent systems within controlled vocabulary, method, safeguard, and boundary discipline.

8.14.4(h) Verifiable Intelligence in all domains under this section shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.14.4(i) The controlling rule shall be that Verifiable Intelligence may cover high-consequence domains only by strengthening evidence, public-safe learning, and correction, never by becoming the authority that acts on the intelligence.

***

8.14.5 Verifiable Intelligence for Public Authority Learning Without Public Authority Delegation.\
8.14.5(a) GCRI Canada may produce Verifiable Intelligence for public authority learning, evidence literacy, technical literacy, AI literacy, cyber literacy, systems-risk understanding, scenario learning, public-safe interpretation, and capacity-building without public authority delegation.

8.14.5(b) Public authority learning Verifiable Intelligence shall identify audience, public authority capacity classification, source records, method records, data status, public authority data status, confidence, uncertainty, limitations, public-safe status, access class, handling class, permitted use, prohibited use, non-delegation language, non-endorsement language, non-procurement language, non-warning language, non-regulatory language, non-funding language, non-public-finance language, and correction path.

8.14.5(c) Public authority learning Verifiable Intelligence shall not create official guidance, public authority decision, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public health order, public safety directive, compliance determination, enforcement position, safe harbor, permit, license, public adoption, sovereign obligation, or delegated public power.

8.14.5(d) Public authority names, logos, titles, quotes, photos, agency references, jurisdiction references, regulator-listening references, emergency-management references, public finance references, procurement references, and public-sector data references shall be used only under approved reference controls.

8.14.5(e) Where public authority learning Verifiable Intelligence is used by a public authority in its own process, GCRI Canada shall preserve the distinction between evidence support and public authority action, and the public authority shall remain responsible for its own lawful decisions, records, duties, and accountability.

8.14.5(f) Public authority learning Verifiable Intelligence shall not be structured to pressure, steer, pre-decide, simulate, replace, or publicly imply the outcome of a public authority decision.

8.14.5(g) Where public authority learning Verifiable Intelligence is misused as official guidance, public authority approval, public warning, emergency command, procurement approval, funding approval, public finance approval, regulatory determination, or sovereign obligation, GCRI Canada shall correct, clarify, restrict, withdraw, reissue, or notify affected public authority interfaces where appropriate.

8.14.5(h) The controlling rule shall be that Verifiable Intelligence may improve public authority learning, but public authority remains with public authorities.

***

8.14.6 Verifiable Intelligence for GRF, GRA, Protocol Authority, Nexus Network, Nexus Universe, Nexus Observatory, Nexus Rails, Nexus Grid, and Nexus Academy Inputs Within Boundary Controls.\
8.14.6(a) GCRI Canada may produce Verifiable Intelligence as input to The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Nexus Network, Nexus Universe, Nexus Observatory, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, Global Nexus Consortium, Regional Nexus Consortiums, National Nexus Consortiums, National Working Groups, National Companies, Project SPVs, public authorities, providers, hosts, universities, communities, and other Nexus-compatible actors within boundary controls.

8.14.6(b) Verifiable Intelligence for GRF shall remain evidence, methods, claims-discipline, Docket, Grid, maturity-context, recognition-supporting, public-safe reporting, and correction input only. It shall not constitute GRF recognition, standing, maturity record, claims approval, stakeholder formation, registry status, public-facing legitimacy, or public-safe reporting status by GCRI Canada.

8.14.6(c) Verifiable Intelligence for GRA shall remain risk evidence, resilience evidence, host readiness evidence, node evidence, Proof Pack component, insurance-readiness input, capital-reader literacy input, RNFD input, NFD input, UNFSD input, Rails handoff, and correction input only. It shall not constitute finance-readiness, capital-readiness, insurance-readiness, investment advice, lending, underwriting, rating, guarantee, public finance approval, bankability, fundability, or capital commitment by GCRI Canada.

8.14.6(d) Verifiable Intelligence for Nexus Standards / Protocol Authority shall remain evidence, method, ontology, controlled vocabulary, technical baseline, schema, API, conformance-supporting, proof-receipt-supporting, benchmark-supporting, and correction input only. It shall not constitute protocol effect, certification, conformance determination, role key, smart license, entitlement state, external force, legal validity, or operational clearance by default.

8.14.6(e) Verifiable Intelligence for Nexus Observatory shall remain observability evidence, signal interpretation, dashboard method, map method, resilience indicator, degraded-mode, node, cluster, hotspot, public-safe Observatory, and correction input only. It shall not constitute surveillance authority, public warning, emergency command, infrastructure operation, public authority decision, provider endorsement, sponsor approval, or execution consequence by default.

8.14.6(f) Verifiable Intelligence for Nexus Rails shall remain routing, translation, evidence-handoff, public-safe-handoff, finance-boundary, standards-boundary, public authority learning, GRF, GRA, Protocol Authority, National Company, Project SPV, provider, host, community, and correction support only. It shall not constitute execution, finance-readiness, procurement approval, investment advice, provider endorsement, public authority decision, or capital commitment.

8.14.6(g) Verifiable Intelligence for Nexus Grid and Nexus Academy shall remain maturity-context input, evidence literacy input, training input, public-safe learning input, and correction input only. It shall not create recognition, certification, credential, professional licensure, public authority qualification, provider approval, procurement status, finance-readiness, or execution readiness by default.

8.14.6(h) Verifiable Intelligence for Nexus Network and Nexus Universe shall preserve convening, learning, interoperability, public-safe narrative, stakeholder literacy, and public-good context without creating legal merger, shared liability, public authority meaning, sponsor control, provider preference, finance consequence, recognition, certification, protocol effect, or execution consequence.

8.14.6(i) Where Verifiable Intelligence crosses any Nexus interface, GCRI Canada shall preserve role, record, review, audience, boundary language, access class, handling class, confidence, uncertainty, limitations, dependency tracking, and correction path.

8.14.6(j) The controlling rule shall be that Verifiable Intelligence may serve many Nexus interfaces only by remaining an input within boundary controls, not an output that collapses institutional roles.

***

8.14.7 Verifiable Intelligence as Challengeable, Correctionable, Supersession-Aware, and Limitation-Aware.\
8.14.7(a) Verifiable Intelligence shall be challengeable, correctionable, supersession-aware, withdrawal-aware, retraction-aware where applicable, limitation-aware, confidence-aware, uncertainty-aware, classification-aware, public-safe-aware, and dependency-aware.

8.14.7(b) Challengeability shall require that authorized reviewers, affected persons, data stewards, evidence stewards, method stewards, model stewards, public-safe reviewers, public authority participants, community participants, Indigenous or local knowledge holders, GRF, GRA, Protocol Authority, Nexus entities, providers, sponsors, hosts, universities, or other credible challengers may raise challenges through appropriate pathways.

8.14.7(c) Correctionability shall require that Verifiable Intelligence may be corrected, confidence-changed, uncertainty-changed, reclassified, restricted, downgraded, suspended, reinstated, superseded, withdrawn, retracted, retired, archived, and notified to affected downstream dependencies where appropriate.

8.14.7(d) Supersession awareness shall require that Verifiable Intelligence identify prior versions, superseding versions, continuing validity where any, discontinued reliance where any, changed evidence, changed method, changed model, changed confidence, changed uncertainty, changed classification, changed public-safe status, and changed boundary language.

8.14.7(e) Limitation awareness shall require that Verifiable Intelligence identify source limits, data limits, method limits, model limits, AI limits, digital twin limits, simulation limits, dashboard limits, map limits, temporal limits, spatial limits, jurisdictional limits, public authority limits, community limits, protected knowledge limits, finance-boundary limits, provider-neutrality limits, sponsor non-control limits, and downstream-use limits where material.

8.14.7(f) Verifiable Intelligence shall not be treated as more reliable because it appears in polished reports, dashboards, maps, AI-generated summaries, public-safe publications, controlled rooms, public authority learning materials, finance-facing materials, Nexus materials, or technical baselines unless the underlying records support the meaning asserted.

8.14.7(g) Where Verifiable Intelligence cannot be challenged, corrected, superseded, limited, or traced at a level proportionate to risk, GCRI Canada shall hold, restrict, reclassify, downgrade, redesign, withdraw, or refuse the output.

8.14.7(h) The controlling rule shall be that Verifiable Intelligence is trustworthy only if it can be challenged, changed, limited, and corrected without erasing institutional memory.

***

8.14.8 Verifiable Intelligence as Non-Advisory, Non-Certifying, Non-Rating, Non-Guaranteeing, and Non-Executing by Default.\
8.14.8(a) Verifiable Intelligence shall be non-advisory, non-certifying, non-rating, non-guaranteeing, non-financial, non-procurement, non-public-authority, non-recognition, non-protocol-effect, non-provider-endorsement, non-sponsor-approval, non-public-warning, non-emergency-command, and non-executing by default.

8.14.8(b) No Verifiable Intelligence output shall create investment advice, securities recommendation, legal advice, engineering advice, medical advice, insurance advice, lending advice, procurement advice, regulated professional advice, certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.14.8(c) Verifiable Intelligence shall not be marketed, sold, licensed, packaged, or described as credit rating, investment rating, insurance rating, resilience rating, technology rating, provider rating, safety approval, security approval, compliance approval, public authority approval, procurement qualification, finance-readiness determination, bankability determination, fundability determination, guarantee, underwriting approval, lending approval, public finance approval, public warning, operational clearance, or execution readiness.

8.14.8(d) Public-good intelligence value shall not be converted into private-market authority, regulated advice, provider preference, sponsor control, public authority decision, GRF recognition, GRA finance-readiness, Protocol Authority effect, public warning, emergency command, or execution consequence by implication.

8.14.8(e) Sponsor support, provider participation, host support, public authority attendance, capital-reader interest, media coverage, public dashboard visibility, technical sophistication, confidence score, model evaluation, compute audit trail, or Nexus interface use shall not convert Verifiable Intelligence into advice, certification, rating, guarantee, finance-readiness, public authority approval, or execution.

8.14.8(f) Where Verifiable Intelligence is used or described as advisory, certifying, rating-like, guaranteeing, financial, public-authority-approved, procurement-relevant, provider-endorsing, sponsor-approving, protocol-effective, recognition-creating, warning-issuing, command-issuing, or execution-ready, GCRI Canada shall require correction, removal, withdrawal, retraction, public-safe clarification, controlled notice, interface suspension, contract remedy, or legal action where appropriate.

8.14.8(g) Any downstream advice, certification, rating, guarantee, finance decision, public authority decision, procurement decision, protocol effect, recognition, or execution consequence shall arise only through the competent actor’s own lawful process and record, not through GCRI Canada Verifiable Intelligence by default.

8.14.8(h) The controlling rule shall be that Verifiable Intelligence may inform understanding, but it shall not become advice, approval, rating, guarantee, authority, or execution by implication.

***

8.14.9 Verifiable Intelligence Records as Material Evidence Records.\
8.14.9(a) Verifiable Intelligence records shall be treated as material evidence records where they materially support GCRI Canada outputs, Nexus Truth Engine outputs, Nexus Observatory outputs, public-safe outputs, controlled-room outputs, Evidence Packs, Decision Packs, dashboards, maps, APIs, datasets, technical baselines, public-good software outputs, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority support, Rails handoffs, Grid records, Academy materials, provider materials, sponsor materials, host materials, community-facing materials, media materials, or public claims.

8.14.9(b) Verifiable Intelligence records shall identify intelligence title or identifier, purpose, scope, audience, owner, custodian, steward, source records, data lineage records, method records, model records, compute workload records where applicable, reviewer records, evidence class, data class, technology domain, risk domain, version, status, classification, access class, handling class, public-safe status, finance-safe status where material, public authority-facing status where material, confidence, uncertainty, limitations, assumptions, proxies, gaps, inference chains, permitted use, prohibited use, boundary language, correction path, supersession path, withdrawal path, retraction path where applicable, archive path, and dependency links.

8.14.9(c) Verifiable Intelligence records shall distinguish internal intelligence records, controlled-room intelligence records, public-safe intelligence records, public authority learning intelligence records, GRF input intelligence records, GRA input intelligence records, Protocol Authority input intelligence records, Observatory intelligence records, Rails intelligence records, Grid intelligence records, Academy intelligence records, correction intelligence records, superseded intelligence records, withdrawn intelligence records, retracted intelligence records, restricted intelligence records, and archived intelligence records.

8.14.9(d) Verifiable Intelligence records shall be linked, where applicable, to Evidence Register entries, Method Register entries, Dataset Register entries, Model Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Compute Workload Records, Compute Environment Records, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.14.9(e) Verifiable Intelligence records shall preserve source protection, protected participation, privacy, cybersecurity, sovereign data, public authority restrictions, protected knowledge safeguards, community safeguards, finance-safe treatment, provider neutrality, sponsor non-control, public-safe publication, and correctionability.

8.14.9(f) Verifiable Intelligence records shall not be silently deleted, overwritten, or obscured except where legally required or necessary to protect persons, communities, public authorities, privacy, cybersecurity, protected knowledge, lawful confidentiality, privilege, or safety.

8.14.9(g) Verifiable Intelligence records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.14.9(h) The controlling rule shall be that Verifiable Intelligence records are material evidence records because intelligence that cannot be found, sourced, reviewed, limited, challenged, corrected, or traced is not verifiable.

***

8.14.10 Verifiable Intelligence Correction and Public-Safe Re-Issue.\
8.14.10(a) GCRI Canada shall correct and, where appropriate, reissue Verifiable Intelligence that is inaccurate, incomplete, misleading, stale, misclassified, overclaimed, source-defective, data-defective, method-defective, model-defective, compute-defective, confidence-defective, uncertainty-defective, limitation-defective, public-safe defective, public authority-defective, finance-boundary defective, provider-neutrality defective, sponsor-control defective, protected-knowledge defective, community-safeguard defective, or no longer fit for purpose.

8.14.10(b) Correction shall apply to internal Verifiable Intelligence, controlled-room Verifiable Intelligence, public-safe Verifiable Intelligence, public authority learning intelligence, GRF input intelligence, GRA input intelligence, Protocol Authority input intelligence, Observatory intelligence, Risk Management intelligence, Rails intelligence, Grid intelligence, Academy intelligence, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, technical annexes, public-safe reports, controlled annexes, media materials, and public claims.

8.14.10(c) Correction may include source correction, data correction, method correction, model correction, compute correction, confidence change, uncertainty change, limitation revision, classification change, access restriction, public-safe relabeling, boundary-language revision, downgrade, suspension, reinstatement, supersession, withdrawal, retraction, archive update, dependency review, public-safe notice, controlled notice, and training or method update.

8.14.10(d) Public-safe re-issue shall be used where corrected Verifiable Intelligence can safely and lawfully replace a prior public-safe output. Re-issued outputs shall identify, where appropriate, version relationship, correction basis, effective date, scope of change, continuing limitations, revised confidence, revised uncertainty, revised public-safe status, revised boundary language, permitted use, prohibited use, affected dependencies, and archive link to prior versions.

8.14.10(e) Controlled re-issue shall be used where corrected Verifiable Intelligence can safely and lawfully replace a prior controlled-room or restricted output only for authorized recipients. Controlled re-issue shall preserve access restrictions, confidentiality, public authority restrictions, finance-sensitive restrictions, protected knowledge safeguards, source protection, and correction path.

8.14.10(f) Where Verifiable Intelligence has been publicly overclaimed, publicly misread, used to imply public warning, emergency command, public authority decision, finance-readiness, investment advice, certification, recognition, protocol effect, procurement approval, provider endorsement, sponsor approval, rating, guarantee, operational clearance, or execution consequence, GCRI Canada shall consider public-safe correction notice, controlled notice, withdrawal, retraction, removal of misleading references, interface suspension, or legal action where appropriate.

8.14.10(g) Re-issued Verifiable Intelligence shall not be represented as new, clean, certified, recognized, finance-ready, public-authority-approved, procurement-approved, provider-endorsed, sponsor-approved, protocol-effective, operationally cleared, guaranteed, risk-free, final, official, or execution-ready merely because it has been corrected and reissued.

8.14.10(h) Correction and re-issue records shall be linked to affected Verifiable Intelligence records, Evidence Register entries, Method Register entries, Dataset Register entries, Model Register entries, Compute Workload Records, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.14.10(i) The controlling rule shall be that Verifiable Intelligence remains verifiable only if it can be corrected and reissued in a manner that preserves public-safe meaning, institutional memory, downstream dependency awareness, and trust.

### 8.15 Verifiable Intelligence Records

8.15.1 Intelligence Record Identity, Purpose, Scope, Audience, Handling Class, and Boundary Language.\
8.15.1(a) GCRI Canada shall require a Verifiable Intelligence Record for each material intelligence output, intelligence summary, intelligence note, source-comparison output, evidence synthesis, model-assisted analysis, compute-assisted analysis, Observatory-derived intelligence output, Truth Engine-derived intelligence output, public-safe intelligence summary, controlled intelligence annex, technical baseline input, Docket input, Grid input, GRF input, GRA input, Protocol Authority input, public authority learning material, dashboard-derived intelligence material, map-derived intelligence material, AI-RAN / O-RAN / DePIN evidence synthesis, cyber-physical intelligence output, digital twin intelligence output, or other intelligence-like artifact produced, received, relied upon, routed, published, or maintained by GCRI Canada where the output may materially affect evidence, public claims, public-safe publication, public authority materials, institutional records, technical baselines, Nexus interface records, or downstream dependency.

8.15.1(b) Each Verifiable Intelligence Record shall identify the record title or identifier, originating person or team, steward, custodian, creation date, version, status, purpose, scope, subject matter, intended audience, permitted audience, prohibited audience where applicable, handling class, access class, data class, evidence class, output class, public-safe status, restricted annex status, controlled annex status, legal hold status where any, retention class, and correction path.

8.15.1(c) The purpose field shall state whether the record is intended for internal learning, evidence synthesis, source comparison, public-safe publication support, Observatory support, Truth Engine support, technical baseline support, Docket support, Grid support, GRF support, GRA support, Protocol Authority support, public authority learning, community review, controlled-room review, data-room review, academic or research support, Board or committee awareness, incident review, assurance review, or other bounded purpose.

8.15.1(d) The scope field shall identify what the record covers and what it does not cover, including temporal scope, geographic scope, technology scope, evidence scope, model or system scope, public authority scope, community scope, data scope, source scope, known exclusions, known limitations, assumptions, and conditions under which the record may no longer be reliable.

8.15.1(e) The audience field shall distinguish internal readers, technical reviewers, public-safe reviewers, public authority readers, GRF readers, GRA readers, Protocol Authority readers, National Company readers, Project SPV readers, provider readers, sponsor readers, host readers, community readers, university readers, capital readers, media readers, and public readers, and shall specify any audience-specific limits or redactions.

8.15.1(f) Boundary language shall state, where material, that the Verifiable Intelligence Record is an evidence, methods, source-lineage, confidence, uncertainty, and correction record and does not by itself create official truth, public authority decision, public warning, emergency command, finance-readiness, investment advice, insurance approval, lending decision, rating, guarantee, certification, recognition, maturity record, claims approval, procurement approval, provider preference, sponsor approval, host approval, operator instruction, protocol effect, Nexus-compatible status, deployment approval, operational clearance, market authority, infrastructure operation, or execution consequence by GCRI Canada.

8.15.1(g) Where the Verifiable Intelligence Record is routed to another institution or actor, the record shall identify the receiving actor’s role and shall state that any downstream recognition, finance-readiness, protocol effect, public authority action, procurement action, certification, operational action, or execution action must arise only from the competent actor’s own authority, process, records, accountability, and correction path.

8.15.1(h) The controlling rule shall be that every material intelligence output must have an identity, purpose, scope, audience, handling class, and boundary record before it is relied upon as institutional evidence.

***

8.15.2 Source Lineage, Evidence Inputs, Method Notes, Model / AI Use, Compute Workload Records, and Reviewer Records.\
8.15.2(a) Each Verifiable Intelligence Record shall include source lineage sufficient to identify the materials, records, datasets, models, public sources, restricted sources, Observatory sources, Truth Engine sources, compute outputs, dashboards, maps, reports, interviews, field observations, sensor records, AI-RAN / O-RAN records, DePIN records, cyber telemetry, digital twin outputs, public authority materials, community materials, provider materials, sponsor materials, host materials, operator materials, academic materials, and prior GCRI Canada records relied upon.

8.15.2(b) Source lineage shall identify, where material, source title or identifier, source steward, source custodian, source date, source version, source location, source rights, license, public-safe status, handling class, data class, evidence class, access limits, reliability notes, limitations, known disputes, correction status, supersession status, withdrawal status, and whether the source is primary, secondary, derivative, inferred, synthetic, model-generated, human-generated, machine-generated, or mixed.

8.15.2(c) Evidence inputs shall be recorded with sufficient specificity to allow later review, correction, dependency tracing, and re-issue. Evidence inputs shall identify whether they are direct evidence, corroborating evidence, contradictory evidence, missing evidence, disputed evidence, confidence-shaping evidence, limitation-shaping evidence, public-safe exclusion, controlled annex material, restricted annex material, or background context.

8.15.2(d) Method notes shall describe the methods used to collect, compare, classify, filter, corroborate, compute, model, summarize, infer, visualize, map, dashboard, benchmark, or synthesize the record, including any source-comparison rules, confidence rules, uncertainty rules, contradiction rules, missing-data treatment, public-safe transformation, redaction, aggregation, generalization, or controlled annex separation.

8.15.2(e) Model and AI use shall be recorded where any AI, machine learning model, retrieval system, embedding system, vector store, prompt, agentic tool, automated classifier, digital twin, simulation model, ranking model, translation model, summarization model, reasoning model, or other automated system materially assisted the intelligence output. The record shall identify the model or system, version where known, provider where relevant, prompt or query class, retrieval context, source materials, output used, human review performed, known limitations, and correction path.

8.15.2(f) Compute workload records shall be linked where compute materially affected the output, including workload identifier, environment, jurisdiction or location where material, provider or custodian, access controls, input data class, output data class, logs where required, proof receipts where any, hashing or signing where used, timestamp, reproducibility status where applicable, and correction path.

8.15.2(g) Reviewer records shall identify reviewers, review roles, qualifications or competence basis where material, review date, review scope, conflicts disclosed, recusals where any, reviewer notes, unresolved issues, approval status, rejection status, correction requirements, public-safe review requirements, and closeout.

8.15.2(h) The controlling rule shall be that intelligence is verifiable only when its sources, methods, AI use, compute path, and reviewers can be traced without relying on institutional memory.

***

8.15.3 Confidence, Uncertainty, Limitations, Missing Data, Disputed Evidence, and Caveats.\
8.15.3(a) Each Verifiable Intelligence Record shall include confidence, uncertainty, limitation, missing-data, disputed-evidence, caveat, and reliability treatment proportionate to the materiality, sensitivity, public-facing risk, public authority relevance, community relevance, protected knowledge relevance, cyber or infrastructure sensitivity, finance-facing relevance, protocol-facing relevance, and downstream dependency of the record.

8.15.3(b) Confidence treatment shall identify the basis for confidence, including source quality, source independence, source consistency, corroboration, recency, completeness, directness, measurement quality, calibration status, compute reproducibility, model performance, reviewer confidence, known error rates where available, and public-safe fitness for purpose.

8.15.3(c) Uncertainty treatment shall identify uncertainty sources, including incomplete evidence, stale evidence, contradictory evidence, model uncertainty, measurement uncertainty, sensor uncertainty, geospatial uncertainty, timing uncertainty, location uncertainty, translation uncertainty, classification uncertainty, public authority context uncertainty, community context uncertainty, protected knowledge limits, and unknown dependency effects.

8.15.3(d) Limitations shall be stated expressly and shall include any limits on scope, data, sources, methods, models, compute environments, assumptions, geographic coverage, temporal coverage, public-safe transformations, redactions, aggregation, generalization, controlled annex separation, restricted annex separation, and downstream use.

8.15.3(e) Missing data shall be identified where material, including what data is missing, why it is missing where known, whether the absence affects confidence, whether the absence is due to legal limits, privacy limits, public authority restrictions, community safeguards, protected knowledge restrictions, cybersecurity limits, infrastructure sensitivity, finance sensitivity, commercial sensitivity, export-control limits, sanctions limits, controlled-technology limits, source unavailability, degraded-mode conditions, or methodological choice.

8.15.3(f) Disputed evidence shall be identified where material, including the nature of the dispute, sources in tension, competing interpretations, affected claims, confidence impact, reviewer notes, unresolved questions, and whether the disputed evidence is excluded, included with caveat, routed to controlled annex, routed to restricted annex, or withheld from public-safe summary.

8.15.3(g) Caveats shall be clear enough to prevent false precision, false certainty, false authority, false public warning, false finance meaning, false procurement meaning, false certification meaning, false recognition meaning, false protocol meaning, false provider preference, false sponsor validation, false host approval, false operator instruction, or false execution meaning.

8.15.3(h) Confidence scores, uncertainty statements, limitations, caveats, corroboration results, source comparisons, and disputed evidence notes shall not create official truth, public authority meaning, finance-readiness, recognition, certification, procurement approval, provider preference, protocol effect, public warning, emergency command, or execution consequence by default.

8.15.3(i) The controlling rule shall be that a Verifiable Intelligence Record must disclose not only what is believed, but how strongly, why, with what gaps, and under what limits.

***

8.15.4 Public Authority, Community, Indigenous, Protected Knowledge, Privacy, Cybersecurity, and Public-Safe Review Where Applicable.\
8.15.4(a) Each Verifiable Intelligence Record shall receive public authority, community, Indigenous, protected knowledge, privacy, cybersecurity, sovereign data, infrastructure-sensitive, finance-sensitive, commercial-sensitive, export-control, sanctions, controlled-technology, and public-safe review where applicable to the record’s source materials, evidence inputs, outputs, audience, distribution, publication, interface routing, or downstream dependency.

8.15.4(b) Public authority review shall assess whether the record includes public authority data, public authority system materials, agency references, jurisdiction references, public authority names, logos, titles, quotes, attendance, access records, dashboard materials, maps, emergency-management materials, regulator-listening materials, public finance reader materials, public infrastructure materials, public health materials, public safety materials, or other public authority-sensitive content.

8.15.4(c) Public authority review shall preserve capacity classification, reference permissions, non-delegation, non-endorsement, no-official-guidance, no-regulatory-determination, no-compliance-determination, no-public-warning-by-GCRI, no-emergency-command-by-GCRI, no-procurement-by-GCRI, no-funding-by-GCRI, no-public-finance-by-GCRI, no-certification-by-GCRI, no-recognition-by-GCRI, no-finance-readiness-by-GCRI, no-protocol-effect-by-GCRI unless separately created by competent authority, and no-execution-by-GCRI language.

8.15.4(d) Community, Indigenous, local, territorial, environmental, cultural, and protected knowledge review shall assess whether the record contains or could reveal protected knowledge, community-protected information, cultural sites, sacred sites, sensitive locations, vulnerable persons, vulnerable communities, protected ecological knowledge, local context, territorial knowledge, non-public community information, attribution-sensitive material, consent or non-consent conditions, withdrawal pathways, grievance pathways, or remedy pathways.

8.15.4(e) Privacy review shall assess personal information, health-sensitive information, rights-bearing information, protected participant information, whistleblower information, demographic information, location information, device information, access logs, inference records, prompts, retrieval records, embeddings, dashboard exports, map layers, model outputs, and any re-identification, linkage, mosaic, or group-harm risk.

8.15.4(f) Cybersecurity and infrastructure-sensitive review shall assess whether the record contains or could reveal vulnerabilities, exploit paths, credentials, keys, tokens, secrets, network topology, security controls, sensor placement, facility information, AI-RAN / O-RAN telemetry, DePIN proofs, digital twin sensitive details, degraded-mode indicators, incident details, or other harm-enabling information.

8.15.4(g) Public-safe review shall determine whether the record may be externally released as a public-safe summary, may be shared only through a controlled annex, may be shared only through a restricted annex, may be reviewed only in a controlled room, clean room, data room, evidence room, secure enclave, compute-to-data environment, or no-download room, or shall not be externally released.

8.15.4(h) The controlling rule shall be that intelligence records may not become public or broadly distributed merely because they are useful; they must be reviewed against the rights, authorities, communities, systems, and harms they touch.

***

8.15.5 AI-Assisted Intelligence Requirements.\
8.15.5(a) Where AI materially assists in producing, summarizing, translating, classifying, ranking, retrieving, comparing, reasoning over, mapping, visualizing, forecasting, simulating, drafting, or reviewing a Verifiable Intelligence Record, the record shall be treated as AI-assisted intelligence and shall comply with model governance, inference record, human review, source-lineage, public-safe, privacy, cybersecurity, protected knowledge, and correction requirements.

8.15.5(b) AI-assisted intelligence records shall identify the AI system or model used, version where known, provider or environment where material, user or operator, date and time, prompt or query class, retrieval context, source materials exposed to the model, input data class, output data class, compute environment where material, tools used, agentic features used where any, output relied upon, output rejected where material, and human review performed.

8.15.5(c) AI-assisted intelligence shall not be relied upon for material institutional use unless source citations or source lineage are reviewed, hallucination risk is assessed, unsupported claims are removed or marked, AI-generated uncertainty is reviewed, limitations are added where required, and human accountability is preserved.

8.15.5(d) AI-assisted intelligence shall not be used to process personal data, public authority restricted data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, finance-sensitive data, commercially sensitive data, community-protected data, Indigenous or protected knowledge, credentials, keys, tokens, secrets, controlled technology, export-control-sensitive materials, sanctions-sensitive materials, or other restricted materials except under recorded authority, approved environment, access controls, and safeguards.

8.15.5(e) AI-assisted intelligence shall be reviewed for hallucination, fabricated sources, source misattribution, source omission, bias, discrimination, exclusion, translation drift, legal meaning drift, public authority confusion, finance overclaim, procurement implication, certification implication, recognition implication, protocol implication, provider preference, sponsor validation, host approval implication, operator instruction implication, protected knowledge exposure, privacy risk, cybersecurity risk, and unsafe public meaning.

8.15.5(f) Agentic AI shall not autonomously publish, externally communicate, move restricted data, execute code affecting material systems, modify repositories, alter records, approve releases, delete records, contact public authorities, create financial references, modify security settings, or bind GCRI Canada in connection with a Verifiable Intelligence Record except under approved tool permissions, human approval gates, logs, containment controls, and non-binding boundary rules.

8.15.5(g) AI outputs shall not create official truth, institutional decision, public authority meaning, public warning, finance-readiness, certification, recognition, procurement approval, provider preference, protocol effect, legal status, market authority, infrastructure operation, or execution consequence by default.

8.15.5(h) The controlling rule shall be that AI may assist intelligence only when the record shows what the AI touched, what humans checked, what sources support the result, what limitations remain, and how correction will occur.

***

8.15.6 Human Review and Approval Where Material.\
8.15.6(a) Material Verifiable Intelligence Records shall require human review before institutional reliance, external distribution, public-safe publication, interface routing to GRF, GRA, Protocol Authority, public authorities, National Companies, Project SPVs, providers, hosts, communities, capital readers, media, or other external actors, or use as input to technical baselines, dashboards, maps, APIs, Docket materials, Grid materials, Rails materials, Observatory materials, Truth Engine materials, Academy materials, or Board or committee materials.

8.15.6(b) Human review shall be performed by qualified reviewers with competence appropriate to the record’s subject matter, evidence class, data class, public-safe status, public authority relevance, community relevance, protected knowledge relevance, cyber or infrastructure sensitivity, finance-facing risk, procurement-facing risk, protocol-facing risk, AI-use risk, and publication risk.

8.15.6(c) Human review shall assess source accuracy, source lineage, citability, method adequacy, confidence treatment, uncertainty treatment, limitation treatment, missing-data treatment, disputed-evidence treatment, public-safe treatment, AI-use treatment, compute record sufficiency, rights and license issues, privacy, cybersecurity, sovereign data, protected knowledge, public authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, protocol boundaries, and correction path.

8.15.6(d) Reviewers shall disclose conflicts, including provider relationships, sponsor relationships, host relationships, operator relationships, public authority roles, finance roles, procurement roles, commercial interests, IP interests, personal relationships, institutional interests, and any circumstance that may affect independence or public trust.

8.15.6(e) Reviewers shall recuse where conflict, lack of competence, prior involvement, confidentiality limitation, or other circumstance would materially impair independent review, public-safe judgment, source-lineage judgment, boundary judgment, or correction judgment.

8.15.6(f) Approval shall be recorded with scope and limits. Approval of a Verifiable Intelligence Record shall not mean approval for all audiences, all uses, all releases, all public claims, all dashboards, all maps, all APIs, all publications, all downstream interfaces, or all future versions unless expressly recorded.

8.15.6(g) Review and approval records shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, host approval, operator approval, protocol effect, public warning, emergency command, legal determination except as expressly and lawfully recorded, deployment approval, operational clearance, infrastructure operation, or execution consequence by default.

8.15.6(h) The controlling rule shall be that material intelligence must remain human-accountable even when sources, computation, AI systems, and dashboards contribute to it.

***

8.15.7 Public-Safe Summary and Controlled Annex Separation.\
8.15.7(a) GCRI Canada shall separate public-safe summaries from controlled annexes and restricted annexes for Verifiable Intelligence Records where source materials, evidence inputs, reviewer notes, compute details, public authority materials, personal information, health-sensitive information, cyber-sensitive information, infrastructure-sensitive information, finance-sensitive information, commercially sensitive information, community-protected information, Indigenous or protected knowledge, controlled technology, export-control-sensitive materials, sanctions-sensitive materials, provider-sensitive materials, sponsor-sensitive materials, host-sensitive materials, operator-sensitive materials, or other restricted materials cannot be safely released broadly.

8.15.7(b) A public-safe summary shall provide enough context to support public-good understanding, evidence transparency where appropriate, public trust, correctionability, and boundary clarity without exposing restricted sources, sensitive locations, protected persons, protected knowledge, vulnerabilities, public authority restricted materials, confidential materials, or harm-enabling detail.

8.15.7(c) A controlled annex may contain materials suitable for defined audiences under access controls, confidentiality, handling rules, data-room rules, controlled-room rules, public authority restrictions, community safeguards, protected knowledge controls, no-download controls where appropriate, public-safe limits, and correction obligations.

8.15.7(d) A restricted annex shall be used where materials require strict access limits, including protected knowledge, public authority restricted materials, cyber-sensitive materials, infrastructure-sensitive materials, personal or health-sensitive materials, controlled technology, secrets, credentials, vulnerabilities, whistleblower materials, protected participant materials, or other high-risk materials.

8.15.7(e) Public-safe summaries shall identify public-safe status, version, date, purpose, scope, limitations, confidence, uncertainty, known omissions, controlled annex existence where safe to disclose, restricted annex existence where safe to disclose, correction path, supersession path, withdrawal path, and boundary language.

8.15.7(f) Controlled annexes and restricted annexes shall identify access class, handling class, permitted users, prohibited users, permitted uses, prohibited uses, retention, deletion, sealing, legal hold where any, no-download status where any, AI-use restrictions, publication restrictions, onward-transfer restrictions, and correction path.

8.15.7(g) Separation of public-safe summary and controlled or restricted annexes shall not be used to distort evidence, hide correction obligations, suppress unfavorable findings, conceal sponsor influence, conceal provider influence, imply false certainty, or create misleading public meaning.

8.15.7(h) The controlling rule shall be that public-safe summaries must be safe enough to publish and honest enough not to mislead, while controlled and restricted annexes preserve the evidence needed for review and correction.

***

8.15.8 Distribution, Access, Retention, Sealing, Deletion, Archival, and Legal Hold.\
8.15.8(a) GCRI Canada shall classify distribution, access, retention, sealing, deletion, archival, and legal hold requirements for each Verifiable Intelligence Record according to record purpose, handling class, access class, data class, evidence class, output class, public-safe status, public authority status, community safeguard status, protected knowledge status, privacy sensitivity, cybersecurity sensitivity, infrastructure sensitivity, finance sensitivity, commercial sensitivity, export-control sensitivity, sanctions sensitivity, controlled-technology sensitivity, interface dependency, and correction need.

8.15.8(b) Distribution shall be limited to the audience authorized for the record’s handling class and shall preserve public-safe status, controlled annex limits, restricted annex limits, confidentiality, source protection, public authority restrictions, community safeguards, protected knowledge controls, license restrictions, data rights, AI-use restrictions, and public claims controls.

8.15.8(c) Access shall be role-based, least-privilege, purpose-bound, time-limited where appropriate, logged where material, revocable, classification-aware, handling-class-aware, public-safe-aware, rights-aware, cybersecurity-aware, public-authority-bounded, community-safeguarded, protected-knowledge-safe, finance-safe, procurement-safe, protocol-boundary-safe, provider-neutral, sponsor-independent, and correctionable.

8.15.8(d) Retention shall be sufficient to support evidence integrity, audit, assurance, correction, dependency tracing, public-safe publication, interface accountability, legal compliance, and institutional memory, while respecting minimization, privacy, data protection, public authority restrictions, community safeguards, protected knowledge restrictions, confidentiality, license limits, deletion obligations, sealing obligations, and legal holds.

8.15.8(e) Sealing shall be used where materials must be retained but access must be restricted because of law, rights, confidentiality, privacy, protected knowledge, public authority restrictions, security, investigation, incident response, legal hold, or public-safe risk.

8.15.8(f) Deletion shall occur where law, agreement, consent or non-consent treatment, privacy, data protection, protected knowledge safeguards, public authority restrictions, license terms, security controls, or correction outcomes require deletion, subject to legal hold, audit, accountability, and archive rules where applicable.

8.15.8(g) Archival shall preserve records needed for validity-by-record, correctionability, dependency tracing, public-safe accountability, interface accountability, Board or committee oversight, assurance, historical context, and institutional learning, with access restrictions appropriate to the record.

8.15.8(h) Legal hold shall suspend deletion, alteration, or ordinary destruction where required by law, dispute, investigation, audit, incident, public authority matter, rights matter, or Board or committee direction, and shall be recorded with scope, custodian, affected records, access controls, review cycle, and release conditions.

8.15.8(i) The controlling rule shall be that intelligence records must be available long enough to verify and correct, restricted enough to protect rights and safety, and disposed of only under recorded authority.

***

8.15.9 Correction, Supersession, Withdrawal, Retraction, and Re-Issue.\
8.15.9(a) GCRI Canada shall maintain correction, supersession, withdrawal, retraction, re-issue, dependency notice, interface notice, public-safe clarification, controlled notice, restricted notice, archive marking, and closeout methods for Verifiable Intelligence Records.

8.15.9(b) Correction shall be required where a record contains error, source-lineage defect, evidence defect, method defect, model defect, AI-output defect, compute record defect, reviewer defect, confidence defect, uncertainty defect, limitation defect, missing-data defect, public-safe defect, privacy defect, public authority defect, protected knowledge defect, cybersecurity defect, infrastructure-sensitive defect, finance-boundary defect, procurement-boundary defect, protocol-boundary defect, provider-neutrality defect, sponsor non-control defect, or boundary-language defect.

8.15.9(c) Supersession shall be used where a newer record replaces an earlier record because sources, evidence, methods, models, compute environments, assumptions, confidence, limitations, public-safe status, correction status, or downstream dependencies have materially changed.

8.15.9(d) Withdrawal shall be used where a record should no longer be relied upon but does not require formal retraction. Retraction shall be used where continued circulation or reliance would be materially misleading, unsafe, rights-defective, public-authority-defective, protected-knowledge-defective, security-defective, finance-overclaiming, procurement-implying, certification-implying, recognition-implying, protocol-implying, public-warning-implying, emergency-command-implying, or execution-implying.

8.15.9(e) Re-issue shall identify the prior record, corrected record, correction reason, changed sources, changed methods, changed confidence, changed uncertainty, changed limitations, changed public-safe status, changed annex treatment, changed distribution, changed boundary language, changed dependency notices, continuing validity where any, discontinued reliance where any, and archive relationship.

8.15.9(f) Where a Verifiable Intelligence Record has been routed to GRF, GRA, Protocol Authority, public authorities, National Companies, Project SPVs, providers, sponsors, hosts, operators, communities, universities, Academy materials, Docket materials, Grid materials, Rails materials, Observatory materials, Truth Engine materials, public-safe publications, dashboards, maps, APIs, media materials, or public claims, GCRI Canada shall issue correction signals or dependency notices where appropriate.

8.15.9(g) Correction records shall preserve the original record where needed for audit, legal hold, dependency tracing, and institutional accountability, while marking the record corrected, superseded, withdrawn, retracted, sealed, deleted, archived, or re-issued according to status.

8.15.9(h) Correction, supersession, withdrawal, retraction, re-issue, dependency notice, interface notice, public-safe clarification, and closeout records shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, host approval, operator approval, protocol effect, public warning, emergency command, legal determination except as expressly and lawfully recorded, infrastructure operation, or execution consequence by default.

8.15.9(i) The controlling rule shall be that intelligence remains trustworthy only when errors can be found, named, corrected, re-issued, and traced through every place the record travelled.

***

8.15.10 Verifiable Intelligence Register.\
8.15.10(a) GCRI Canada shall maintain, or cause to be maintained, a Verifiable Intelligence Register for material Verifiable Intelligence Records produced, received, routed, published, corrected, superseded, withdrawn, retracted, re-issued, sealed, deleted, archived, or relied upon by GCRI Canada.

8.15.10(b) The Verifiable Intelligence Register shall identify record title or identifier, record type, purpose, scope, audience, steward, custodian, creator, creation date, version, status, handling class, access class, data class, evidence class, output class, public-safe status, controlled annex status, restricted annex status, source-lineage status, method-note status, AI-use status, compute workload link where any, reviewer status, approval status, distribution status, retention status, legal hold status where any, correction status, supersession status, withdrawal status, retraction status, re-issue status, archive status, and closeout status.

8.15.10(c) The Register shall link, where applicable, to source records, evidence inputs, compute workload records, proof receipts, inference records, model records, dataset records, system cards, benchmark cards, Observatory records, Truth Engine records, public-safe publication records, controlled annex records, restricted annex records, reviewer records, public authority records, community safeguard records, protected knowledge records, privacy review records, cybersecurity review records, GRF interface records, GRA interface records, Protocol Authority interface records, Docket records, Grid records, Rails records, Academy records, Board or committee records, correction records, and archive records.

8.15.10(d) Register access shall be controlled according to the sensitivity of listed records. Public-safe register summaries may be published where appropriate, but shall not disclose restricted sources, personal information, protected knowledge, public authority restricted materials, cyber-sensitive materials, infrastructure-sensitive materials, finance-sensitive materials, commercially sensitive materials, legal-sensitive materials, or other restricted content.

8.15.10(e) The Register shall support assurance, audit sampling, correction tracking, dependency tracing, public-safe publication discipline, public authority boundary discipline, finance-boundary discipline, procurement neutrality, provider neutrality, sponsor non-control, Protocol Authority separation, GRF and GRA interface integrity, validity-by-record, and correctionability.

8.15.10(f) Register entries shall be updated when a record is corrected, superseded, withdrawn, retracted, re-issued, restricted, sealed, deleted, archived, placed under legal hold, released from legal hold, routed to another institution, publicly summarized, or affected by incident or assurance findings.

8.15.10(g) The Verifiable Intelligence Register, register entries, public-safe register summaries, assurance reports, audit samples, correction records, and closeout records shall not create official truth, certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, host approval, operator approval, protocol effect, public warning, emergency command, legal determination except as expressly and lawfully recorded, market authority, infrastructure operation, or execution consequence by default.

8.15.10(h) The controlling rule shall be that verifiable intelligence is not verifiable unless the institution can find the record, identify its lineage, determine its status, see its limits, trace its distribution, and correct it.

### 8.16 Model Register

8.16.1 Model Register Requirement for Material AI, ML, Statistical, Simulation, Digital Twin, Generative, Agentic, Retrieval, Embedding, Classification, Forecasting, Risk, or Inference Systems Used by GCRI Canada.\
8.16.1(a) GCRI Canada shall maintain, or cause to be maintained, a Model Register for material AI, machine learning, statistical, simulation, digital twin, generative, agentic, retrieval, embedding, classification, forecasting, risk, inference, sensor-fusion, geospatial, cyber, climate, infrastructure, resilience, public-safe communication, or other model systems used by or on behalf of GCRI Canada.

8.16.1(b) The Model Register shall apply where a model materially affects evidence creation, evidence classification, source comparison, confidence scoring, uncertainty treatment, limitation statements, public-safe classification, dashboard outputs, map outputs, Evidence Packs, Decision Packs, Verifiable Intelligence, Verifiable Compute, public-good software, open technical baselines, technical publications, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, Nexus Grid inputs, Nexus Academy materials, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, public claims, or correction workflows.

8.16.1(c) Model registration shall be required whether the model is internally developed, externally provided, open-source, proprietary, hosted, local, cloud-based, API-accessed, embedded in a platform, embedded in public-good software, used in a dashboard, used in a map, used in a digital twin, used in a benchmark, used in a controlled room, or used through a third-party service.

8.16.1(d) The Model Register shall distinguish model availability from model authorization. A model shall not be authorized for material GCRI Canada use merely because it is publicly available, commercially reputable, provider-promoted, sponsor-supported, widely used, technically advanced, benchmarked elsewhere, open-source, integrated into a platform, or convenient.

8.16.1(e) Model registration shall not convert model use into model approval, certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence.

8.16.1(f) Where a model is used experimentally, in sandbox form, or for instructional purposes only, GCRI Canada may apply proportionate registration, provided that the model shall not support material outputs unless the Model Register entry is completed or the use is otherwise made records-valid.

8.16.1(g) Where an unregistered model has materially affected a GCRI Canada output, GCRI Canada shall identify affected records, restrict or hold affected outputs where appropriate, complete registration, conduct review, correct affected outputs where required, and update downstream dependencies.

8.16.1(h) The controlling rule shall be that models must be registered because model identity, purpose, data access, evaluation, limits, risks, uses, and correction paths are necessary to preserve evidence integrity.

***

8.16.2 Model Identity, Provider, Owner, Custodian, Version, Release Status, and Deployment Context.\
8.16.2(a) Each material Model Register entry shall identify model title or identifier, model family, model type, model architecture where known and material, provider where any, developer where any, owner where known, GCRI Canada owner or responsible function, custodian, steward, integration owner where applicable, model version, release date where known, release status, deployment status, access method, and archive path.

8.16.2(b) Model type shall identify whether the model is an AI model, machine learning model, statistical model, foundation model, large language model, generative model, multimodal model, agentic system, retrieval model, embedding model, classification model, forecasting model, risk model, simulation model, digital twin model, sensor fusion model, geospatial model, cyber model, climate model, disaster model, infrastructure model, resilience model, public-safe communication model, or other model type.

8.16.2(c) Provider information shall identify whether the model is internally developed, university-developed, laboratory-developed, open-source, proprietary, public authority-provided, provider-provided, sponsor-supported, host-supported, cloud-provided, API-provided, repository-provided, National Company-provided, Project SPV-provided, or otherwise externally supplied.

8.16.2(d) Version information shall identify model version, checkpoint where applicable, release channel, update cadence where known, deprecation status, retirement status, prior version, superseding version, compatibility notes, known breaking changes, and affected outputs where material.

8.16.2(e) Release status shall distinguish proposed, experimental, sandbox, evaluation, restricted, approved for specific use, approved for controlled-room use, approved for public-safe support, production-supporting, suspended, restricted, deprecated, superseded, withdrawn, retired, archived, and prohibited models.

8.16.2(f) Deployment context shall identify whether the model is used locally, through API, in public cloud, private cloud, sovereign cloud, secure enclave, confidential computing environment, air-gapped environment, compute-to-data environment, controlled room, clean room, data room, secure research environment, edge environment, on-premise environment, repository workflow, dashboard, map, public-good software tool, or other deployment context.

8.16.2(g) Where model identity, provider, ownership, version, release status, or deployment context is incomplete, ambiguous, disputed, stale, or unreliable, GCRI Canada shall restrict, hold, qualify, or refuse material model use until the model entry is made records-valid.

8.16.2(h) The controlling rule shall be that a model cannot be responsibly used if GCRI Canada cannot identify what model it is, who provides or stewards it, what version is used, where it runs, and what status it holds.

***

8.16.3 Model Purpose, Permitted Uses, Prohibited Uses, Audience, Risk Class, and Boundary Limits.\
8.16.3(a) Each material Model Register entry shall identify model purpose, permitted uses, prohibited uses, intended audience, prohibited audience, risk class, output class compatibility, access class, handling class, public-safe status, controlled-room status where applicable, and boundary limits.

8.16.3(b) Model purpose shall identify whether the model is used for retrieval, summarization, classification, source comparison, entity resolution, contradiction detection, anomaly detection, confidence scoring, uncertainty explanation, public-safe drafting, translation support, routing support, correction support, simulation, digital twin analysis, forecasting, risk analysis, resilience analysis, geospatial analysis, sensor fusion, cyber analysis, benchmarking, evidence pack support, decision pack support, dashboard support, map support, technical baseline support, public-good software support, or training support.

8.16.3(c) Permitted uses shall be limited to the model’s recorded purpose, validated or reviewed use context, data class, evidence class, output class, audience, public-safe status, and boundary conditions.

8.16.3(d) Prohibited uses shall include any use for which the model lacks authority, evaluation, data permission, public-safe review, privacy controls, cybersecurity controls, sovereign data controls, protected knowledge safeguards, human review where material, or legal basis, and any use that would create unauthorized advice, approval, ranking, certification, recognition, finance-readiness, public authority decision, procurement preference, public warning, emergency command, operational clearance, or execution consequence.

8.16.3(e) Audience rules shall distinguish internal users, controlled-room users, public-safe audiences, public authority learning audiences, GRF-facing audiences, GRA-facing audiences, Protocol Authority-facing audiences, Observatory-facing audiences, Risk Management-facing audiences, Rails-facing audiences, Academy-facing audiences, provider-facing audiences, sponsor-facing audiences, host-facing audiences, community-facing audiences, finance-facing audiences, media-facing audiences, and public audiences.

8.16.3(f) Model risk class shall consider model capability, autonomy, agentic capacity, data sensitivity, output consequence, public-safe risk, privacy risk, cybersecurity risk, sovereign data risk, protected knowledge risk, public authority risk, finance risk, provider-neutrality risk, sponsor-control risk, hallucination risk, bias risk, drift risk, reliance risk, and downstream dependency.

8.16.3(g) Boundary limits shall state, where material, no certification, no recognition, no finance-readiness, no investment advice, no public authority decision, no procurement approval, no provider endorsement, no sponsor approval, no rating, no guarantee, no public warning, no emergency command, no protocol effect, no operational clearance, no legal status, no professional advice, no market authority, no infrastructure operation, and no execution consequence.

8.16.3(h) The controlling rule shall be that model purpose and boundaries must be fixed before use because models otherwise migrate silently from evidence support into unauthorized authority.

***

8.16.4 Model Data Access, Training Data Status Where Known, Fine-Tuning Status, Retrieval Sources, Embedding Stores, and Input Restrictions.\
8.16.4(a) Each material Model Register entry shall identify model data access, training data status where known, fine-tuning status, retrieval sources, embedding stores, input restrictions, output restrictions, data retention treatment, training-use restrictions, embedding-use restrictions, retrieval-use restrictions, transfer restrictions, and public-safe restrictions.

8.16.4(b) Training data status shall identify, where known and material, whether the model was trained on public data, licensed data, proprietary data, internal data, synthetic data, public authority data, personal information, rights-bearing data, community data, Indigenous or protected knowledge, cyber-sensitive data, infrastructure-sensitive data, controlled technology, or unknown data, and shall record limitations where such information is unavailable.

8.16.4(c) Fine-tuning status shall identify whether the model has been fine-tuned, adapted, instructed, aligned, distilled, calibrated, benchmarked, retrieved-augmented, or otherwise modified for GCRI Canada, Nexus, public authority learning, GRF support, GRA support, Protocol Authority support, Observatory support, Rails support, Academy support, provider-facing use, sponsor-facing use, or public-safe use.

8.16.4(d) Retrieval sources shall identify repositories, datasets, evidence registers, method registers, source records, public records, controlled rooms, data rooms, knowledge bases, ontology stores, controlled vocabulary stores, public authority materials, GRF interface records, GRA interface records, Protocol Authority records, Nexus interface records, provider records, sponsor records, community records, and public-safe outputs accessible to the model.

8.16.4(e) Embedding stores shall identify embedding purpose, source corpus, update frequency, retention status, access controls, public-safe status, handling class, deletion path, re-indexing path, correction path, and whether embeddings may contain or reveal restricted material, personal information, public authority data, cyber-sensitive material, infrastructure-sensitive material, sovereign data, protected knowledge, community-sensitive information, finance-sensitive material, or confidential sources.

8.16.4(f) Input restrictions shall identify prohibited inputs, including personal information, rights-bearing data, public authority restricted data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, source-protected information, confidential materials, privileged materials, controlled technology, export-controlled materials, sanctions-sensitive materials, credentials, secrets, keys, tokens, and other restricted content unless authorized and controlled.

8.16.4(g) Where model data access, training data status, fine-tuning status, retrieval sources, embedding stores, or input restrictions create unresolved risk, GCRI Canada shall restrict, reconfigure, isolate, disable, narrow, review, suspend, or refuse model use.

8.16.4(h) The controlling rule shall be that model governance must know what data a model may access, what it may remember, what it may retrieve, what it may embed, and what it must never receive.

***

8.16.5 Model Evaluation, Validation, Known Limitations, Bias Risks, Drift Risks, Hallucination Risks, Security Risks, and Failure Modes.\
8.16.5(a) Each material Model Register entry shall identify model evaluation, validation, known limitations, bias risks, drift risks, hallucination risks, security risks, privacy risks, sovereign data risks, protected knowledge risks, public authority risks, finance risks, provider risks, sponsor risks, and failure modes.

8.16.5(b) Evaluation records may include benchmark cards, system cards, model cards, dataset cards, test cards, validation-sprint cards, pilot cards, demonstration cards, red-team records, safety evaluation records, public-safe evaluation records, retrieval evaluation records, classification evaluation records, inference evaluation records, dashboard evaluation records, map evaluation records, and human review records.

8.16.5(c) Validation shall be context-specific. A model validated for one evidence class, data class, technology domain, risk domain, jurisdiction, language, community context, public authority context, output class, or audience shall not be deemed validated for another without review.

8.16.5(d) Known limitations shall include, where material, source limitations, training data limitations, retrieval limitations, embedding limitations, context window limitations, temporal limitations, spatial limitations, language limitations, translation limitations, localization limitations, domain limitations, statistical limitations, simulation limitations, digital twin limitations, geospatial limitations, sensor limitations, cyber limitations, and public-safe limitations.

8.16.5(e) Bias risks shall include risks arising from training data, evaluation data, missing data, source selection, public records, language, geography, community exclusion, protected characteristics, institutional incentives, public authority context, provider materials, sponsor materials, media records, academic records, and model alignment.

8.16.5(f) Drift risks shall include data drift, model drift, concept drift, retrieval drift, embedding drift, source-corpus drift, public authority context drift, provider context drift, sponsor context drift, community context drift, legal context drift, and output-distribution drift.

8.16.5(g) Hallucination and inference risks shall include fabricated sources, false citations, unsupported summaries, overconfident classifications, missing caveats, false equivalence, unauthorized legal or financial interpretation, public authority overclaim, finance overclaim, provider preference, sponsor validation, and invented Nexus status.

8.16.5(h) Security and failure-mode risks shall include prompt injection, data exfiltration, unauthorized retrieval, credential exposure, tool misuse, agentic overreach, insecure plugins, adversarial examples, model inversion, membership inference, output leakage, unsafe code generation, dependency compromise, unsafe API calls, and failure to respect access controls.

8.16.5(i) Where evaluation identifies material risk, GCRI Canada shall apply restrictions, human review, output review, prompt or retrieval controls, model isolation, access limits, public-safe controls, downgrade, suspension, deprecation, correction, or refusal as appropriate.

8.16.5(j) The controlling rule shall be that model evaluation must identify not only performance, but also the ways a model can mislead, leak, overclaim, drift, bias, or create unauthorized authority.

***

8.16.6 Model Incident History, Restriction History, Suspension History, Deprecation History, and Retirement Status.\
8.16.6(a) Each material Model Register entry shall identify model incident history, restriction history, suspension history, deprecation history, retirement status, withdrawal status, supersession status, archive status, and prohibited-use history where applicable.

8.16.6(b) Model incidents may include hallucination events, false source events, retrieval failures, access-control failures, data leakage, privacy incidents, cybersecurity incidents, prompt injection, unauthorized tool use, agentic overreach, unsafe public-safe output, public authority overclaim, finance overclaim, provider preference, sponsor validation, protected knowledge exposure, community harm risk, model drift, bias event, benchmark failure, dashboard error, map error, API error, or correction failure.

8.16.6(c) Restriction history shall identify restricted uses, restricted audiences, restricted data classes, restricted evidence classes, restricted output classes, restricted environments, restricted retrieval sources, restricted embedding stores, restricted public-safe uses, and restricted interface uses.

8.16.6(d) Suspension history shall identify reason for suspension, effective date, affected workloads, affected outputs, interim controls, review pathway, notice decision, correction action, reinstatement condition, and closeout status.

8.16.6(e) Deprecation history shall identify deprecated version, replacement model where any, reason, effective date, affected workflows, affected evidence outputs, affected public-safe outputs, migration path, dependency review, and archive treatment.

8.16.6(f) Retirement status shall identify retired model, retirement date, reason, prohibited future uses, preserved records, archive status, access restrictions, output dependencies, and whether prior outputs require correction, qualification, or supersession.

8.16.6(g) Model incident, restriction, suspension, deprecation, and retirement records shall be linked to affected Compute Workload Records, Model Logs, Evidence Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, and interface records.

8.16.6(h) The controlling rule shall be that model history must travel with model identity because a model’s past failures, restrictions, suspensions, and retirement status determine whether and how it may safely be used.

***

8.16.7 Model Use in Evidence, Publications, Dashboards, Maps, Public Authority Materials, GRF Inputs, GRA Inputs, Protocol Authority Inputs, and Technical Outputs.\
8.16.7(a) Each material Model Register entry shall identify model use in evidence records, source comparison, confidence scoring, uncertainty treatment, limitation statements, publications, dashboards, maps, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, Nexus Grid inputs, Nexus Academy materials, public-good software, open technical baselines, APIs, datasets, Evidence Packs, Decision Packs, technical annexes, controlled annexes, provider materials, sponsor materials, host materials, community-facing materials, media materials, and public claims.

8.16.7(b) Model use in evidence shall identify whether the model produced, classified, summarized, translated, compared, retrieved, embedded, routed, scored, validated, challenged, corrected, or visualized evidence, and whether human review was required or completed.

8.16.7(c) Model use in publications shall identify public-safe status, source grounding, method records, confidence, uncertainty, limitations, AI-use disclosure where appropriate, reviewer records, boundary language, correction path, and whether model-generated material was materially altered by human reviewers.

8.16.7(d) Model use in dashboards and maps shall identify whether the model affects labels, scores, colors, indicators, alerts, geospatial layers, inference layers, aggregation, uncertainty visualization, confidence display, public-safe masking, safe-location treatment, or public warning boundary.

8.16.7(e) Model use in public authority materials shall preserve non-delegation, non-endorsement, non-regulatory, non-procurement, non-funding, non-public-finance, non-warning, non-emergency-command, public-safe, confidence, uncertainty, limitation, and correction controls.

8.16.7(f) Model use in GRF inputs shall preserve the distinction between evidence support and GRF recognition, standing, maturity records, claims approval, stakeholder formation, public-facing legitimacy, or public-safe reporting status.

8.16.7(g) Model use in GRA inputs shall preserve the distinction between evidence support and finance-readiness, capital-readiness, insurance-readiness, investment advice, ratings, guarantees, lending decisions, underwriting decisions, public finance approvals, or capital commitments.

8.16.7(h) Model use in Protocol Authority inputs shall preserve the distinction between evidence or method support and protocol effect, certification, conformance determination, role key, smart license, entitlement state, proof-receipt legal effect, external force, or operational clearance.

8.16.7(i) Model use in technical outputs shall preserve source lineage, method records, evaluation records, benchmark records, limitation statements, versioning, dependency records, public-safe status, and correction path.

8.16.7(j) The controlling rule shall be that model use must be visible in every material output it shapes because undisclosed model influence can distort evidence, public meaning, and correctionability.

***

8.16.8 Model Legal, Privacy, Cybersecurity, Export-Control, Sanctions, Public Authority, and Safeguards Review Where Applicable.\
8.16.8(a) Each material Model Register entry shall identify legal, privacy, cybersecurity, AI, data, sovereign data, export-control, sanctions, public authority, safeguards, Indigenous and protected knowledge, controlled technology, finance-boundary, provider-neutrality, sponsor non-control, competition, and public-safe review where applicable.

8.16.8(b) Legal review shall apply where model use may implicate contracts, licenses, IP, terms of service, data-sharing agreements, confidentiality, privilege, regulated activity, professional advice, public-law sensitivity, liability allocation, cross-border restrictions, procurement sensitivity, finance sensitivity, export-control, sanctions, or controlled technology.

8.16.8(c) Privacy review shall apply where the model may process, infer, retain, reveal, retrieve, embed, summarize, classify, or expose personal information, rights-bearing data, location data, health-sensitive data, small-group identifiable data, behavioral data, metadata, or other privacy-sensitive material.

8.16.8(d) Cybersecurity review shall apply where the model may access sensitive repositories, APIs, credentials, secrets, code, system logs, cyber evidence, vulnerability information, infrastructure-sensitive information, build pipelines, tools, plugins, agents, external services, or third-party dependencies.

8.16.8(e) Export-control and sanctions review shall apply where the model, data, code, compute environment, outputs, or use context may involve controlled technology, dual-use systems, restricted jurisdictions, restricted parties, advanced computing, AI models, encryption, cybersecurity tools, satellite data, geospatial data, telecommunications systems, semiconductors, quantum-relevant systems, or other regulated technology domains.

8.16.8(f) Public authority review shall apply where model use involves public authority data, public-sector systems, public authority rooms, emergency-management context, public finance context, procurement context, regulator-listening context, official data restrictions, agency references, or public authority learning outputs.

8.16.8(g) Safeguards and protected knowledge review shall apply where model use involves community-protected data, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, sensitive site information, protected persons information, confidential community inputs, vulnerable community contexts, or knowledge shared under conditions of trust.

8.16.8(h) Finance-boundary, provider-neutrality, sponsor non-control, and competition review shall apply where model outputs may be used in finance-facing materials, provider comparisons, sponsor reports, capital-reader rooms, public authority rooms, validation sprints, benchmarks, National Company interfaces, Project SPV interfaces, procurement-adjacent settings, or public claims.

8.16.8(i) Where model review identifies unacceptable or unmitigated risk, GCRI Canada shall restrict, isolate, reconfigure, suspend, prohibit, replace, correct, or refuse model use as appropriate.

8.16.8(j) The controlling rule shall be that model registration is incomplete unless legal, privacy, cybersecurity, sovereignty, public authority, safeguards, finance, provider, sponsor, and competition risks are reviewed where they matter.

***

8.16.9 Model Access, Logging, Monitoring, Human Review, and Output Review Requirements.\
8.16.9(a) Each material Model Register entry shall identify model access, logging, monitoring, human review, and output review requirements proportionate to model risk, data class, evidence class, output class, public-safe status, public authority relevance, finance relevance, provider relevance, sponsor relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, and downstream dependency.

8.16.9(b) Model access shall identify authorized users, authorized roles, service accounts, machine identities, API identities, administrative accounts, external collaborator access, provider access, public authority access where any, host access where any, sponsor access where any, and temporary access where any.

8.16.9(c) Model access shall be role-based, purpose-bound, least-privilege, time-bound where appropriate, logged, revocable, and linked to permitted uses, prohibited uses, training requirements, confidentiality obligations, conflict status where material, and review status.

8.16.9(d) Logging shall capture model calls, retrieval events, embedding events, inference records where material, prompt or query categories where applicable and safe, input classes, output classes, access events, administrative changes, configuration changes, model version changes, system prompt changes where applicable, tool-use events, external API calls, refusal events, error events, correction events, and output review events.

8.16.9(e) Monitoring shall identify hallucination risk, drift, bias, anomalous outputs, unauthorized retrieval, prompt injection, data leakage, policy violation, boundary overclaim, public-safe failure, public authority overclaim, finance overclaim, provider preference, sponsor validation, protected knowledge exposure, and security events.

8.16.9(f) Human review shall be required where model outputs materially affect evidence meaning, confidence, uncertainty, public-safe classification, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, protected knowledge treatment, community safeguard treatment, dashboard meaning, map meaning, technical baseline status, correction status, or public claims.

8.16.9(g) Output review shall assess source grounding, method consistency, confidence, uncertainty, limitations, public-safe status, hallucination risk, unsupported claims, false precision, boundary language, prohibited advice, public authority confusion, finance implication, provider preference, sponsor validation, protected knowledge risk, privacy risk, cybersecurity risk, and correction path.

8.16.9(h) Where model access, logging, monitoring, human review, or output review controls are insufficient, GCRI Canada shall restrict, hold, suspend, reconfigure, isolate, reroute, downgrade, or prohibit model use until controls are adequate.

8.16.9(i) The controlling rule shall be that model use is acceptable only where access is controlled, activity is logged, behavior is monitored, material outputs are reviewed, and corrections remain possible.

***

8.16.10 Model Register Review Cycle and Correction Path.\
8.16.10(a) GCRI Canada shall maintain a review cycle and correction path for the Model Register and for each material Model Register entry.

8.16.10(b) Model Register review shall occur on schedule and upon material change, including new model version, new provider, new deployment context, new data access, new retrieval source, new embedding store, new fine-tuning, new output class, new public-safe use, new public authority use, new finance-facing use, new GRF input use, new GRA input use, new Protocol Authority input use, new provider-facing use, new sponsor-facing use, new incident, new evaluation, new restriction, new legal development, new privacy risk, new cybersecurity risk, new sovereign data risk, new export-control or sanctions risk, new protected knowledge concern, new dispute, or new correction.

8.16.10(c) Review may include evidence review, method review, data review, model review, compute review, privacy review, cybersecurity review, AI review, sovereign data review, public authority review, safeguards review, protected knowledge review, export-control review, sanctions review, finance-boundary review, provider-neutrality review, sponsor non-control review, competition review, legal review, interface review, committee review, officer review, Board reporting, or independent review where appropriate.

8.16.10(d) The correction path shall identify how a model entry may be corrected, reclassified, restricted, downgraded, suspended, reinstated, superseded, deprecated, withdrawn, retired, prohibited, archived, and linked to affected outputs and downstream dependencies.

8.16.10(e) Model correction shall be required where model identity, version, provider, purpose, permitted use, prohibited use, data access, retrieval source, embedding store, evaluation, limitation, risk, incident history, deployment context, access control, logging, monitoring, human review, output review, legal review, privacy review, cybersecurity review, public authority review, safeguards review, or boundary language is inaccurate, incomplete, stale, unsafe, overbroad, or no longer fit for purpose.

8.16.10(f) Where model correction affects outputs, GCRI Canada shall review affected evidence records, source comparison records, confidence records, uncertainty records, dashboards, maps, Evidence Packs, Decision Packs, publications, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, Observatory outputs, Risk Management outputs, Rails outputs, Academy materials, provider materials, sponsor materials, host materials, community-facing materials, public claims, and dependency records.

8.16.10(g) Where a model is suspended, deprecated, withdrawn, retired, or prohibited, GCRI Canada shall identify prohibited future uses, permitted archive uses, affected workflows, affected outputs, migration path where any, public-safe notice where required, controlled notice where required, and archive treatment.

8.16.10(h) Model Register entries shall be linked, where applicable, to Compute Workload Records, Compute Environment Records, Dataset Register entries, Method Register entries, Evidence Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, Nexus interface records, and public claims records.

8.16.10(i) Model Register review and correction shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.16.10(j) The controlling rule shall be that the Model Register must be reviewed and corrected because model risk changes as models, data, environments, uses, audiences, laws, and downstream dependencies change.

### 8.17 Model Records

8.17.1 Model Card Requirements.\
8.17.1(a) GCRI Canada shall maintain, or cause to be maintained, Model Cards for material models used by or on behalf of GCRI Canada where such models materially affect evidence, source comparison, confidence, uncertainty, limitation statements, public-safe outputs, controlled-room outputs, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, Verifiable Intelligence, Verifiable Compute, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, Nexus Grid inputs, Nexus Academy materials, public-good software, open technical baselines, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, or public claims.

8.17.1(b) A Model Card shall identify model title or identifier, model family, model type, provider where any, developer where any, owner where known, GCRI Canada owner or responsible function, custodian, steward, version, release status, deployment context, access method, purpose, intended use, permitted use, prohibited use, intended audience, prohibited audience, output classes supported, data classes supported, evidence classes supported, technology domains supported, risk domains supported, public-safe status, access class, handling class, and correction path.

8.17.1(c) A Model Card shall identify model capabilities and model limits in a form sufficient to prevent overclaim, including known strengths, known weaknesses, domain limitations, language limitations, jurisdictional limitations, public authority limitations, finance-boundary limitations, provider-neutrality limitations, sponsor non-control limitations, public-safe limitations, and downstream-use limitations.

8.17.1(d) A Model Card shall identify, where known and material, training data status, fine-tuning status, retrieval status, embedding status, inference status, evaluation status, benchmark status, validation status, incident history, restriction history, suspension history, deprecation history, retirement status, and affected dependency records.

8.17.1(e) A Model Card shall identify risk controls, including human review requirements, output review requirements, access controls, logging controls, monitoring controls, prompt or query controls where applicable, retrieval controls, embedding controls, tool-use controls, public-safe controls, privacy controls, cybersecurity controls, sovereign data controls, public authority controls, safeguards controls, finance-boundary controls, provider-neutrality controls, sponsor non-control controls, and correction controls.

8.17.1(f) A Model Card shall not describe a model as approved, safe, reliable, validated, verified, certified, recognized, finance-ready, public-authority-approved, procurement-approved, provider-endorsed, sponsor-approved, protocol-effective, operationally cleared, guaranteed, or execution-ready except within the exact limits of the record and never by default.

8.17.1(g) Where a Model Card becomes inaccurate, incomplete, stale, unsafe, overbroad, overclaimed, misclassified, or no longer fit for purpose, GCRI Canada shall correct, restrict, supersede, withdraw, retire, archive, or reissue the Model Card and review affected model uses and downstream outputs.

8.17.1(h) The controlling rule shall be that Model Cards shall make model identity, use, limits, risks, controls, and correction paths visible before model outputs may support institutional evidence.

***

8.17.2 System Card Requirements.\
8.17.2(a) GCRI Canada shall maintain, or cause to be maintained, System Cards for material systems that use, integrate, orchestrate, route, retrieve, embed, evaluate, visualize, publish, or otherwise operationalize models in support of GCRI Canada outputs.

8.17.2(b) A System Card shall identify system title or identifier, system purpose, owner, custodian, steward, provider where any, developer where any, deployment context, environment, architecture summary, model components, data components, retrieval components, embedding components, tool components, API components, dashboard components, map components, workflow components, access controls, logging controls, monitoring controls, output review controls, public-safe controls, and correction path.

8.17.2(c) A System Card shall identify how the system is used in Nexus Truth Engine, Nexus Observatory, Verifiable Compute, Verifiable Intelligence, public-good software, open technical baselines, Evidence Packs, Decision Packs, dashboards, maps, APIs, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Rails handoffs, Nexus Grid inputs, Nexus Academy materials, provider materials, sponsor materials, host materials, community-facing materials, public-safe publications, and public claims where applicable.

8.17.2(d) A System Card shall identify system-level risks, including model risk, data risk, retrieval risk, embedding risk, prompt-injection risk, tool-use risk, agentic overreach risk, cyber risk, access-control risk, data leakage risk, hallucination risk, bias risk, drift risk, false-precision risk, public-safe publication risk, public authority overclaim risk, finance overclaim risk, provider preference risk, sponsor validation risk, protected knowledge exposure risk, and correction failure risk.

8.17.2(e) A System Card shall identify system-level safeguards, including least privilege, segmentation, isolation, environment controls, credential controls, secrets controls, rate limits where applicable, approved tool lists, prohibited tool lists, human review requirements, output review requirements, public-safe release controls, controlled-room controls, incident path, suspension path, rollback path, decommissioning path, and archive path.

8.17.2(f) A System Card shall distinguish system functionality from institutional authority. System automation, routing, scoring, retrieval, dashboard display, map display, API output, or AI-generated summary shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.17.2(g) Where a system is corrected, reconfigured, restricted, suspended, superseded, deprecated, retired, or archived, the System Card shall be updated and affected outputs, workloads, access permissions, dependencies, and public-safe materials shall be reviewed.

8.17.2(h) The controlling rule shall be that System Cards shall make model-enabled systems governable because institutional risk often arises from system integration, not only from individual models.

***

8.17.3 Dataset Card Requirements.\
8.17.3(a) GCRI Canada shall maintain, or cause to be maintained, Dataset Cards for material datasets used to train, fine-tune, retrieve, embed, evaluate, benchmark, simulate, classify, summarize, compare, visualize, publish, or otherwise support models or model-enabled systems used by GCRI Canada.

8.17.3(b) A Dataset Card shall identify dataset title or identifier, source records, owner where known, custodian, steward, contributor, version, date range, geography or safe location treatment, collection method, data class, evidence class, technology domain, risk domain, public-safe status, access class, handling class, lawful basis or authority where applicable, permissions, licenses, consent or non-consent treatment where applicable, confidentiality status, public authority restrictions, community restrictions, Indigenous or protected knowledge restrictions, transfer restrictions, retention status, and correction path.

8.17.3(c) A Dataset Card shall identify intended uses and prohibited uses, including whether the dataset may be used for training, fine-tuning, retrieval, embedding, evaluation, benchmarking, simulation, digital twin inputs, geospatial processing, sensor fusion, cyber analysis, dashboard generation, map generation, public-safe summarization, Evidence Pack assembly, Decision Pack assembly, API output, technical publication, or correction.

8.17.3(d) A Dataset Card shall identify dataset quality and limitations, including completeness, missingness, representativeness, sampling limits, temporal coverage, spatial coverage, bias risks, measurement limits, source limits, transformation history, data lineage, public-safe limits, re-identification risk, inference risk, model-dependency risk, and known errors.

8.17.3(e) A Dataset Card shall identify safeguards for personal information, rights-bearing data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, commercially sensitive data, community-protected data, Indigenous or local knowledge, protected knowledge, confidential source information, controlled technology, export-controlled materials, sanctions-sensitive materials, and other restricted content.

8.17.3(f) A Dataset Card shall identify whether the dataset has been corrected, reclassified, restricted, superseded, withdrawn, retracted, downgraded, suspended, reinstated, retired, archived, or placed under legal hold, and shall identify affected model, workload, output, and dependency records where material.

8.17.3(g) A Dataset Card shall not imply that a dataset is complete, unbiased, public-safe, lawful for all uses, suitable for all models, suitable for all jurisdictions, suitable for public release, suitable for finance-facing use, suitable for public authority use, suitable for provider comparison, or suitable for protected knowledge processing beyond its recorded limits.

8.17.3(h) The controlling rule shall be that Dataset Cards are required because model behavior, evidence quality, and public-safe output quality depend on the lawful, bounded, and correctionable character of the datasets that models use.

***

8.17.4 Benchmark Card Requirements.\
8.17.4(a) GCRI Canada shall maintain, or cause to be maintained, Benchmark Cards for material benchmarks, tests, validation sprints, evaluation harnesses, performance comparisons, stress tests, public-safe tests, model evaluations, provider demonstrations, technical baseline tests, public-good software tests, observability tests, sensor tests, AI-RAN tests, O-RAN tests, cyber tests, geospatial tests, digital twin tests, simulation tests, and other comparative or evaluative exercises used by GCRI Canada.

8.17.4(b) A Benchmark Card shall identify benchmark title or identifier, purpose, scope, sponsor where any, provider where any, host where any, owner, custodian, steward, test environment, model tested, system tested, dataset used, method used, code used, configuration, test conditions, hardware conditions where material, software conditions, network conditions where material, timing, reviewer, version, status, public-safe status, access class, handling class, and correction path.

8.17.4(c) A Benchmark Card shall identify benchmark meaning and limits, including what the benchmark measures, what it does not measure, what assumptions apply, what exclusions apply, what confidence attaches, what uncertainty remains, what limitations apply, whether results are reproducible, whether results are context-specific, whether results are provider-supplied, whether results are sponsor-supported, and whether independent comparison exists.

8.17.4(d) Benchmark results shall not be used as ratings, rankings, provider endorsements, procurement preferences, certifications, recognitions, finance-readiness determinations, public authority approvals, guarantees, operational clearances, safety approvals, security approvals, protocol effects, or execution readiness indicators by default.

8.17.4(e) A Benchmark Card shall identify conflict and influence controls where providers, sponsors, hosts, funders, donors, capital readers, public authorities, National Companies, Project SPVs, universities, laboratories, or other parties contribute data, systems, infrastructure, funding, access, method design, or publication support.

8.17.4(f) A Benchmark Card shall identify public-safe communication controls, including prohibited claims, permitted claims, required boundary language, confidence treatment, uncertainty treatment, limitation statements, public authority boundary language where applicable, finance boundary language where applicable, provider-neutrality language where applicable, sponsor non-control language where applicable, correction path, and withdrawal path.

8.17.4(g) Where a benchmark is corrected, challenged, re-run, reclassified, restricted, downgraded, superseded, withdrawn, retracted, retired, or archived, affected Benchmark Cards, Model Cards, System Cards, Dataset Cards, outputs, public-safe materials, provider materials, sponsor materials, public claims, and dependency records shall be reviewed.

8.17.4(h) The controlling rule shall be that Benchmark Cards shall prevent tests from becoming unauthorized ratings by making benchmark purpose, conditions, limits, influence controls, and prohibited claims explicit.

***

8.17.5 Evaluation Harness Records.\
8.17.5(a) GCRI Canada shall maintain, or cause to be maintained, Evaluation Harness Records for material evaluation harnesses used to test models, systems, methods, retrieval workflows, embedding stores, classification systems, confidence scoring, uncertainty treatment, source comparison, contradiction detection, dispute handling, correction triggers, public-safe outputs, dashboards, maps, APIs, technical baselines, public-good software, or other model-supported workflows.

8.17.5(b) An Evaluation Harness Record shall identify harness title or identifier, purpose, owner, custodian, steward, method version, code version, dataset version, model version, configuration, evaluation criteria, test cases, test corpus, expected outputs where applicable, prohibited outputs, scoring method where any, thresholds where any, reviewer, run history, environment, public-safe status, access class, handling class, and correction path.

8.17.5(c) Evaluation Harness Records shall identify the evaluation question, including whether the harness tests accuracy, source grounding, retrieval relevance, classification consistency, hallucination resistance, bias risk, drift, prompt-injection resistance, data leakage, output safety, public-safe communication, boundary-language preservation, confidence calibration, uncertainty treatment, dashboard meaning, map meaning, or correction workflow performance.

8.17.5(d) Evaluation Harness Records shall identify limitations, including test coverage, excluded domains, excluded languages, excluded communities, excluded jurisdictions, excluded data classes, excluded public authority contexts, excluded finance-facing contexts, excluded protected knowledge contexts, statistical limits, model-dependency limits, dataset-dependency limits, and reproducibility limits.

8.17.5(e) Evaluation Harness Records shall identify whether the harness is approved for internal testing, controlled-room testing, public-safe support, model registration support, technical baseline support, Protocol Authority support, GRF input support, GRA input support, public authority learning support, provider-facing evaluation, sponsor-facing reporting, or publication.

8.17.5(f) Evaluation harness outputs shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.17.5(g) Where an evaluation harness is corrected, challenged, reconfigured, restricted, superseded, withdrawn, retired, or archived, GCRI Canada shall review affected evaluations, model records, system records, benchmark records, technical baselines, public-good software outputs, public-safe outputs, and dependency records.

8.17.5(h) The controlling rule shall be that evaluation harnesses must be recorded because model evaluation cannot be trusted unless the test itself is inspectable, bounded, and correctionable.

***

8.17.6 Prompt, Query, Retrieval, Embedding, and Inference Context Records Where Applicable.\
8.17.6(a) GCRI Canada shall maintain, or cause to be maintained, prompt, query, retrieval, embedding, and inference context records where such records are material to understanding, reviewing, challenging, correcting, reproducing, or safely explaining model outputs or model-supported GCRI Canada outputs.

8.17.6(b) Prompt context records shall identify prompt or instruction category, purpose, model used, system instruction category where applicable, user instruction category where appropriate and safe, prompt version, input class, prohibited input class, output class, public-safe status, access class, handling class, human review requirement, and correction path.

8.17.6(c) Query context records shall identify query purpose, source repositories searched, search scope, filters, time frame, ontology terms, controlled vocabulary terms, retrieval method, access status, public-safe status, reviewer, date, and output relationship.

8.17.6(d) Retrieval context records shall identify retrieved records, record versions, source repositories, selection method where material, ranking method where material, excluded records where material, missing records where material, access controls, classification filters, public-safe filters, public authority filters, finance-boundary filters, protected knowledge filters, and dependency links.

8.17.6(e) Embedding context records shall identify embedding store, source corpus, embedding model, embedding version, ingestion date, update date, access controls, handling class, public-safe status, restricted material status, deletion path, re-indexing path, correction path, and whether embeddings may reveal or encode restricted material.

8.17.6(f) Inference context records shall identify model identity, model version, input class, output class, inference date, environment, relevant configuration, tool use where any, retrieved context where material, confidence where applicable, uncertainty where applicable, limitations, human review status, public-safe status, and correction path.

8.17.6(g) Prompt, query, retrieval, embedding, and inference context records shall be proportionate and shall not retain personal information, rights-bearing data, protected knowledge, confidential source information, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, finance-sensitive information, privileged information, secrets, credentials, keys, tokens, or controlled technology beyond lawful, necessary, secure, and purpose-bound limits.

8.17.6(h) Where full records would create privacy, cybersecurity, protected knowledge, public authority, legal, privilege, security, or safety risk, GCRI Canada may use redacted, summarized, hashed, controlled, or access-restricted records sufficient to preserve auditability without unsafe exposure.

8.17.6(i) The controlling rule shall be that model context must be recorded where it shapes meaning, but recordkeeping itself must remain lawful, minimized, secure, public-safe, and correctionable.

***

8.17.7 Model Risk Classification Records.\
8.17.7(a) GCRI Canada shall maintain, or cause to be maintained, Model Risk Classification Records for material models and model-enabled systems used by or on behalf of GCRI Canada.

8.17.7(b) Model Risk Classification Records shall identify model title or identifier, system title or identifier where applicable, risk class, risk basis, data classes, evidence classes, output classes, technology domains, risk domains, intended audiences, prohibited audiences, public-safe status, controlled-room status, public authority relevance, finance relevance, provider relevance, sponsor relevance, community relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, legal risk, export-control risk, sanctions risk, controlled-technology risk, and downstream dependency.

8.17.7(c) Model risk classification shall assess capability risk, autonomy risk, agentic risk, tool-use risk, retrieval risk, embedding risk, hallucination risk, bias risk, drift risk, security risk, data leakage risk, prompt-injection risk, public-safe publication risk, false-precision risk, public authority overclaim risk, finance overclaim risk, provider preference risk, sponsor validation risk, protected knowledge exposure risk, community harm risk, and correction failure risk.

8.17.7(d) Risk classification shall determine required controls, including access restrictions, human review, output review, public-safe review, legal review, privacy review, cybersecurity review, AI review, sovereign data review, safeguards review, public authority boundary review, finance boundary review, provider-neutrality review, sponsor non-control review, monitoring, logging, incident handling, review cadence, and Board or committee reporting where material.

8.17.7(e) Model risk classification shall be updated where the model, system, data access, retrieval source, embedding store, output class, audience, deployment context, provider, jurisdiction, legal context, public authority use, finance-facing use, public-safe use, incident history, evaluation record, or downstream dependency changes materially.

8.17.7(f) A lower risk classification shall not be used to bypass controls where data, audience, public-safe status, public authority relevance, finance relevance, protected knowledge, cybersecurity, or downstream reliance requires heightened treatment.

8.17.7(g) Model Risk Classification Records shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.17.7(h) The controlling rule shall be that model risk must be classified because the same model may be low risk in one use and high risk in another.

***

8.17.8 Model Approval, Restriction, Suspension, Retirement, and Deprecation Records.\
8.17.8(a) GCRI Canada shall maintain, or cause to be maintained, model approval, restriction, suspension, reinstatement, retirement, deprecation, withdrawal, prohibition, and archive records for material models and model-enabled systems.

8.17.8(b) Model approval records shall identify approved model, approved version, approved purpose, approved data classes, approved evidence classes, approved output classes, approved environments, approved audiences, approved users, required controls, required reviews, public-safe status, permitted use, prohibited use, reviewer, approving actor, approval date, review cycle, expiration where any, and correction path.

8.17.8(c) Model restriction records shall identify restricted model, restriction basis, restricted uses, restricted data classes, restricted evidence classes, restricted output classes, restricted audiences, restricted environments, restricted retrieval sources, restricted embedding stores, restricted public-safe uses, restricted interface uses, compensating controls, notice requirements, review date, and closeout condition.

8.17.8(d) Model suspension records shall identify suspended model, reason for suspension, effective date, affected workloads, affected outputs, affected dependencies, interim controls, review pathway, notice decision, correction action, reinstatement condition, and closeout status.

8.17.8(e) Model deprecation records shall identify deprecated model or version, replacement model where any, reason, effective date, affected workflows, affected evidence outputs, affected public-safe outputs, migration path, dependency review, permitted archive uses, prohibited future uses, and archive treatment.

8.17.8(f) Model retirement records shall identify retired model, retirement date, reason, prohibited future uses, preserved records, archive status, access restrictions, output dependencies, and whether prior outputs require correction, qualification, supersession, withdrawal, or retraction.

8.17.8(g) Model approval, restriction, suspension, retirement, and deprecation shall not imply certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.17.8(h) The controlling rule shall be that model status must be recorded because models may be permitted, restricted, suspended, deprecated, retired, or prohibited for different purposes, audiences, data classes, and outputs.

***

8.17.9 Model Incident and Model Correction Records.\
8.17.9(a) GCRI Canada shall maintain, or cause to be maintained, model incident records and model correction records for material model failures, errors, misuse, overclaim, security events, public-safe failures, data issues, evaluation failures, output defects, access defects, or correction events.

8.17.9(b) Model incidents may include hallucination events, false citations, fabricated sources, unsupported summaries, overconfident classifications, incorrect entity resolution, retrieval failures, embedding failures, prompt-injection events, unauthorized retrieval, unauthorized tool use, agentic overreach, data leakage, privacy incident, cyber incident, credential exposure, protected knowledge exposure, community harm risk, public authority overclaim, finance overclaim, provider preference, sponsor validation, false precision, dashboard error, map error, benchmark failure, model drift, bias event, unsafe public-safe output, or third-party misuse.

8.17.9(c) Model incident records shall identify incident title or identifier, model affected, system affected, workload affected, output affected, source of detection, date, severity, incident type, data affected, evidence affected, confidence effect, uncertainty effect, public-safe effect, privacy effect, cybersecurity effect, sovereign data effect, public authority effect, finance effect, provider effect, sponsor effect, protected knowledge effect, community effect, affected dependencies, interim controls, response actions, notice decisions, and closeout requirements.

8.17.9(d) Model correction records shall identify corrected model record, corrected output, correction type, prior status, corrected status, reason, source of correction, reviewer, approving actor where applicable, effective date, affected workloads, affected outputs, affected logs, affected dependencies, confidence effect, uncertainty effect, public-safe effect, boundary effect, notice decision, and archive treatment.

8.17.9(e) Model correction may include model record correction, model restriction, access restriction, retrieval correction, embedding correction, prompt correction, configuration correction, method correction, dataset correction, evaluation correction, output correction, dashboard correction, map correction, public-safe correction, confidence change, uncertainty change, suspension, deprecation, retirement, withdrawal, retraction, or prohibition.

8.17.9(f) Where a model incident affects public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, Observatory outputs, Risk Management outputs, Rails outputs, Grid inputs, Academy materials, provider materials, sponsor materials, host materials, community-facing materials, public-safe publications, dashboards, maps, APIs, technical baselines, public-good software, or public claims, GCRI Canada shall review downstream dependencies and determine whether notice, restriction, correction, supersession, withdrawal, or retraction is required.

8.17.9(g) Model incidents and corrections shall not be suppressed because disclosure or correction may be reputationally uncomfortable, sponsor-sensitive, provider-sensitive, public authority-sensitive, finance-sensitive, media-sensitive, program-disruptive, technically burdensome, or inconvenient.

8.17.9(h) The controlling rule shall be that model failure must become a record, not a hidden defect, because unrecorded model incidents are uncorrectable institutional risk.

***

8.17.10 Public-Safe Model Summary Records.\
8.17.10(a) GCRI Canada may maintain Public-Safe Model Summary Records for material models or model-enabled systems where public-safe disclosure of model purpose, status, use, limitations, safeguards, and correction posture would support public trust, public-safe learning, technical literacy, public authority learning, GRF interface clarity, GRA interface clarity, Protocol Authority interface clarity, provider-neutrality, sponsor non-control, or Nexus public-good legibility.

8.17.10(b) A Public-Safe Model Summary Record may identify model or system name, general purpose, general use context, public-safe status, output classes supported, human review posture, source-grounding posture, evaluation posture, limitation categories, risk categories, public-safe safeguards, privacy safeguards, cybersecurity safeguards, sovereign data safeguards, protected knowledge safeguards, access controls in general terms, correction path, and supersession status.

8.17.10(c) Public-Safe Model Summary Records shall not disclose restricted model details, protected configurations, security controls, vulnerability details, exploit-sensitive information, confidential source information, personal information, rights-bearing data, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, finance-sensitive information, commercially sensitive information, credentials, secrets, keys, tokens, controlled technology, or other material whose disclosure would be unsafe, unlawful, or inconsistent with GCRI Canada’s public-benefit mandate.

8.17.10(d) Public-Safe Model Summary Records shall be accurate, limitation-aware, confidence-aware where material, non-misleading, public-safe, role-bounded, records-supported, correctionable, and consistent with GCRI Canada’s non-execution, public authority boundary, finance boundary, provider-neutrality, sponsor non-control, privacy, cybersecurity, sovereign data, protected knowledge, and correctionability obligations.

8.17.10(e) Public-Safe Model Summary Records shall not imply that a model or model-enabled system is certified, recognized, finance-ready, public-authority-approved, procurement-approved, provider-endorsed, sponsor-approved, rated, guaranteed, warning-capable, command-capable, protocol-effective, operationally cleared, legally approved, professionally approved, market-authorized, infrastructure-operational, or execution-ready.

8.17.10(f) Where a Public-Safe Model Summary Record becomes inaccurate, incomplete, stale, unsafe, overclaimed, misclassified, or inconsistent with the underlying Model Register, Model Card, System Card, Dataset Card, Benchmark Card, evaluation records, incident records, or correction records, GCRI Canada shall correct, restrict, supersede, withdraw, or reissue the summary.

8.17.10(g) Public-Safe Model Summary Records shall be linked, where appropriate, to public-safe output catalogues, Model Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, and public claims records, while preserving restricted underlying records.

8.17.10(h) The controlling rule shall be that public-safe model summaries may build public trust only if they disclose enough to be meaningful, withhold enough to be safe, and remain corrected when model status changes.

### 8.18 Dataset Cards and Dataset Governance

8.18.1 Dataset Card Requirement for Material Datasets.\
8.18.1(a) GCRI Canada shall maintain, or cause to be maintained, Dataset Cards for material datasets used by or on behalf of GCRI Canada in evidence work, Nexus Truth Engine activities, Verifiable Compute, Verifiable Intelligence, Nexus Observatory activities, model governance, public-good software, open technical baselines, secure research, AI-assisted analysis, simulation, digital twin analysis, geospatial analysis, sensor fusion, cyber analysis, benchmarking, Evidence Packs, Decision Packs, dashboards, maps, APIs, controlled-room outputs, public-safe publications, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Rails handoffs, Nexus Grid inputs, Nexus Academy materials, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, and public claims.

8.18.1(b) A Dataset Card shall be required where a dataset materially affects source comparison, evidence quality, confidence, uncertainty, limitation treatment, public-safe classification, model behavior, output meaning, dashboard meaning, map meaning, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, protected knowledge treatment, Nexus interface meaning, public claims, or downstream dependency.

8.18.1(c) Dataset Card requirements shall apply to raw datasets, processed datasets, derived datasets, reference datasets, evaluation datasets, benchmark datasets, training datasets, fine-tuning datasets, embedding corpora, retrieval corpora, geospatial datasets, Earth observation datasets, satellite datasets, cyber datasets, sensor datasets, AI-RAN signal datasets, O-RAN signal datasets, private wireless datasets, DePIN datasets, digital twin datasets, simulation datasets, public authority datasets, health-sensitive datasets, infrastructure-sensitive datasets, community-protected datasets, Indigenous or local knowledge datasets, protected knowledge datasets, provider datasets, sponsor datasets, host datasets, public records datasets, and historical datasets.

8.18.1(d) Dataset Card governance shall be proportionate to dataset sensitivity, data class, evidence class, source authority, lawful basis, permissions, public-safe status, personal information status, public authority status, sovereign data status, protected knowledge status, cybersecurity sensitivity, infrastructure sensitivity, health sensitivity, finance sensitivity, commercial sensitivity, export-control sensitivity, sanctions sensitivity, AI-use status, model-use status, publication status, and downstream reliance.

8.18.1(e) No dataset shall be treated as institutionally valid merely because it is public, large, structured, machine-readable, open-source, government-published, provider-supplied, sponsor-supplied, model-ready, dashboard-ready, benchmark-used, technically sophisticated, widely used, or convenient.

8.18.1(f) Where a dataset has been used materially without a Dataset Card, GCRI Canada shall identify affected outputs, complete or reconstruct the Dataset Card where possible, review permissions and classification, assess affected confidence and uncertainty, restrict or hold affected outputs where appropriate, and correct downstream dependencies where required.

8.18.1(g) Dataset Cards shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.18.1(h) The controlling rule shall be that material datasets require Dataset Cards because evidence, models, dashboards, maps, public-safe outputs, and institutional claims cannot be trusted unless the datasets supporting them are identified, classified, permissioned, limited, reviewed, and correctionable.

***

8.18.2 Dataset Identity, Owner, Custodian, Source, Provenance, License, Permissions, Consent / Non-Consent Where Applicable, and Use Limits.\
8.18.2(a) Each material Dataset Card shall identify dataset title or identifier, dataset type, dataset version, owner where known, GCRI Canada owner or responsible function where applicable, custodian, steward, contributor, source, source records, provenance, custody, collection method, creation date where known, receipt date, access date, update cadence where known, jurisdictional context, public authority context where any, community context where any, Indigenous or protected knowledge context where any, and archive path.

8.18.2(b) Dataset source treatment shall identify whether the dataset is internally generated, externally sourced, public, restricted, licensed, public authority-supplied, provider-supplied, sponsor-supplied, host-supplied, university-supplied, laboratory-supplied, community-supplied, Indigenous or local knowledge-derived, sensor-derived, model-derived, AI-generated, simulation-generated, digital twin-derived, web-derived, repository-derived, API-derived, or historical.

8.18.2(c) Provenance and custody shall identify how the dataset was created, collected, transformed, transferred, received, stored, accessed, processed, corrected, restricted, superseded, withdrawn, archived, or otherwise handled, including chain-of-custody records where material.

8.18.2(d) License and permission records shall identify license terms, permitted uses, prohibited uses, attribution requirements, redistribution limits, derivative-use limits, publication limits, AI-use limits, training-use limits, fine-tuning-use limits, embedding-use limits, retrieval-use limits, benchmarking-use limits, commercial-use limits, public authority-use limits, finance-facing-use limits, public-safe-use limits, transfer limits, retention limits, deletion obligations, and correction obligations.

8.18.2(e) Consent or non-consent treatment shall be recorded where applicable, including consent basis, non-consent basis, withdrawal pathway where applicable, community protocol, Indigenous protocol where applicable, protected knowledge restrictions, data-subject rights pathway where applicable, public authority authority, ethical review status where any, and safeguards review status.

8.18.2(f) Use limits shall identify whether the dataset may be used for evidence analysis, source comparison, model training, fine-tuning, embedding, retrieval, evaluation, benchmarking, simulation, digital twin input, geospatial processing, sensor fusion, cyber analysis, dashboard generation, map generation, public-safe summarization, Evidence Pack assembly, Decision Pack assembly, public authority learning, GRF input, GRA input, Protocol Authority support, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, Academy materials, technical publication, or correction.

8.18.2(g) Where ownership, custody, source authority, license, permission, consent, non-consent, provenance, or use limits are incomplete, disputed, stale, unsafe, or incompatible with the proposed use, GCRI Canada shall hold, restrict, narrow, reclassify, correct, exclude, or refuse dataset use until the dataset is made records-valid.

8.18.2(h) The controlling rule shall be that dataset governance begins with identity, source authority, permission, and use limits because unidentified or unauthorized data cannot lawfully or safely become institutional evidence.

***

8.18.3 Dataset Classification, Data Sensitivity, Public Authority Status, Personal Information Status, Health-Sensitive Status, Cyber-Sensitive Status, Infrastructure-Sensitive Status, Community-Protected Status, Protected Knowledge Status, and Export-Control Sensitivity.\
8.18.3(a) Each material Dataset Card shall identify dataset classification, data sensitivity, evidence class, access class, handling class, public-safe status, public authority status, personal information status, rights-bearing data status, health-sensitive status, cyber-sensitive status, infrastructure-sensitive status, community-protected status, Indigenous or protected knowledge status, sovereign data status, finance-sensitive status, commercial sensitivity, source-protection status, controlled-technology status, export-control sensitivity, sanctions sensitivity, AI-use status, publication status, and retention status.

8.18.3(b) Public authority status shall identify whether the dataset is provided by, derived from, hosted by, restricted by, or associated with a public authority, and shall identify public authority capacity classification, official or non-official status, data-sharing authority, permitted use, prohibited use, confidentiality, publication restrictions, transfer restrictions, agency reference controls, and correction path.

8.18.3(c) Personal information and rights-bearing data status shall identify whether the dataset contains, may contain, reveals, infers, links to, or could reasonably re-identify individuals, households, protected groups, small groups, vulnerable persons, workers, residents, public officials, participants, whistleblowers, community members, or other rights-bearing persons.

8.18.3(d) Health-sensitive status shall identify whether the dataset contains health information, health-adjacent information, public health context, health system data, epidemiological context, service access information, disability-related information, environmental health indicators, inferred health risks, or other health-sensitive material requiring heightened protection.

8.18.3(e) Cyber-sensitive status shall identify whether the dataset contains logs, vulnerabilities, exploit indicators, credentials, secrets, keys, tokens, infrastructure topology, incident evidence, malware indicators, attack patterns, security telemetry, access logs, repository data, or other material that could expose systems, actors, or defenses.

8.18.3(f) Infrastructure-sensitive status shall identify whether the dataset contains critical infrastructure locations, dependencies, operating conditions, vulnerabilities, continuity information, degraded-mode information, utility data, telecommunications data, AI-RAN or O-RAN data, private wireless data, energy data, water data, food-system data, transport data, public facility data, or other sensitive infrastructure material.

8.18.3(g) Community-protected and protected knowledge status shall identify whether the dataset contains community-sensitive information, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, traditional ecological knowledge, sensitive-site information, sacred-site information, vulnerable community information, informal infrastructure knowledge, protected knowledge, confidential community inputs, or knowledge shared under conditions of trust.

8.18.3(h) Export-control and sanctions sensitivity shall identify whether the dataset concerns controlled technology, dual-use systems, advanced computing, AI models, encryption, cybersecurity tools, satellite data, geospatial data, telecommunications systems, semiconductors, quantum-relevant systems, controlled biological or biosecurity information, restricted jurisdictions, restricted parties, or other regulated technology or trade-sensitive domains.

8.18.3(i) Where dataset classification is uncertain, GCRI Canada shall apply the more protective classification until review supports a less restrictive classification through proper record.

8.18.3(j) The controlling rule shall be that dataset classification must follow the risk carried by the data, not the convenience of the intended output.

***

8.18.4 Dataset Quality, Completeness, Bias, Representativeness, Timeliness, Gaps, Limitations, and Known Errors.\
8.18.4(a) Each material Dataset Card shall identify dataset quality, completeness, bias, representativeness, timeliness, gaps, limitations, known errors, correction history, supersession history, withdrawal status, retraction status where applicable, and fitness for recorded purpose.

8.18.4(b) Dataset quality shall assess source reliability, provenance, custody, collection method, calibration where applicable, measurement integrity, data integrity, transformation integrity, documentation quality, validation status, review status, error rate where known, missingness, duplication, corruption, consistency, and reproducibility where appropriate.

8.18.4(c) Completeness shall assess coverage of relevant time, geography, population, community, system, asset, event, hazard, technology, infrastructure, public authority context, provider context, sponsor context, source class, data field, evidence class, and intended evidence question.

8.18.4(d) Bias and representativeness shall assess sampling bias, selection bias, survivorship bias, reporting bias, measurement bias, model-derived bias, public-record bias, language bias, geographic bias, community exclusion, protected group underrepresentation, provider bias, sponsor bias, public authority context bias, media bias, academic incentive bias, and missing voice risk.

8.18.4(e) Timeliness shall assess creation date, collection date, update cadence, latency, time-zone treatment, version currency, stale status, supersession status, event relevance, technology-change relevance, public authority-change relevance, community-context-change relevance, provider-change relevance, sponsor-change relevance, and continuing fitness for purpose.

8.18.4(f) Gaps shall identify missing data, missing fields, inaccessible annexes, redactions, unavailable sources, withheld data, uncollected data, data not permissioned, data not public-safe, geographically limited data, temporally limited data, population-limited data, method-limited data, and gaps caused by lawful refusal, community non-consent, Indigenous protocol, public authority restriction, privacy restriction, cybersecurity restriction, sovereign data restriction, or protected knowledge restriction.

8.18.4(g) Limitations and known errors shall identify data limitations, source limitations, collection limitations, transformation limitations, processing limitations, model limitations, geospatial limitations, sensor limitations, cyber limitations, public-safe limitations, legal limitations, public authority limitations, finance-boundary limitations, provider-neutrality limitations, sponsor non-control limitations, and downstream-use limitations.

8.18.4(h) Dataset quality statements shall not imply that a dataset is complete, unbiased, current, representative, legally usable, public-safe, or fit for all purposes beyond the recorded review.

8.18.4(i) Where dataset quality, completeness, bias, representativeness, timeliness, gaps, limitations, or known errors materially affect outputs, GCRI Canada shall reflect the effect in confidence, uncertainty, limitation statements, public-safe review, access controls, output class, and correction path.

8.18.4(j) The controlling rule shall be that dataset quality must be stated honestly because poor or misunderstood datasets silently become poor evidence, poor models, poor dashboards, and poor public claims.

***

8.18.5 Dataset Use in Training, Fine-Tuning, Embedding, Retrieval, Evaluation, Evidence, Publication, Dashboard, Map, and Public Authority Learning.\
8.18.5(a) Each material Dataset Card shall identify whether and how the dataset may be used in model training, fine-tuning, adaptation, calibration, embedding, retrieval, indexing, evaluation, benchmarking, evidence analysis, source comparison, public-safe publication, dashboard generation, map generation, API output, technical baseline support, public-good software, public authority learning, GRF input, GRA input, Protocol Authority support, Rails handoff, Academy materials, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, or public claims.

8.18.5(b) Training and fine-tuning use shall be prohibited unless the dataset’s lawful basis, permissions, license terms, consent or non-consent treatment where applicable, data class, privacy status, public authority status, sovereign data status, protected knowledge status, AI-use status, training-use status, transfer status, retention status, and public-safe status permit such use.

8.18.5(c) Embedding and retrieval use shall be prohibited or restricted where embeddings or retrieval stores may encode, expose, infer, retrieve, leak, reconstruct, or miscontextualize personal information, rights-bearing data, public authority restricted data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, source-protected information, confidential materials, privileged materials, credentials, secrets, keys, tokens, controlled technology, export-controlled materials, or sanctions-sensitive materials.

8.18.5(d) Evaluation and benchmarking use shall preserve benchmark purpose, test conditions, dataset limitations, provider-neutrality controls, sponsor non-control controls, public authority boundaries, finance boundaries, public-safe status, prohibited claims, and correction path.

8.18.5(e) Evidence use shall preserve source lineage, data lineage, evidence class, method record, confidence treatment, uncertainty treatment, limitation statement, public-safe classification, permitted use, prohibited use, and correction path.

8.18.5(f) Publication use shall require public-safe review, redaction where appropriate, aggregation where appropriate, generalization where appropriate, responsible non-disclosure where appropriate, title and framing review, boundary-language review, metadata review, public authority reference review, provider-reference review, sponsor-reference review, and correction path.

8.18.5(g) Dashboard and map use shall require review of update cadence, geospatial precision, safe-location treatment, visualization simplification, labels, colors, scores, aggregation, community identifiability, infrastructure exposure, public warning implication, public authority implication, finance implication, provider preference, sponsor validation, and correction path.

8.18.5(h) Public authority learning use shall preserve non-delegation, non-endorsement, non-regulatory, non-procurement, non-funding, non-public-finance, non-warning, non-emergency-command, public-safe, confidence, uncertainty, limitation, and correction controls.

8.18.5(i) Where a dataset is used beyond its permitted use, GCRI Canada shall hold affected outputs, review downstream dependencies, correct records, restrict future use, notify affected interfaces where required, and take remedial action proportionate to risk.

8.18.5(j) The controlling rule shall be that dataset use must be purpose-bound because the same dataset may be safe for one use and unlawful, unsafe, misleading, or overclaiming in another.

***

8.18.6 Dataset De-Identification, Redaction, Aggregation, Sealing, Deletion, Retention, and Archival.\
8.18.6(a) Each material Dataset Card shall identify de-identification, pseudonymization, anonymization where applicable, redaction, aggregation, generalization, safe-location treatment, sealing, deletion, retention, archival, legal hold, and public-safe treatment applicable to the dataset and any derived datasets.

8.18.6(b) De-identification shall be used where appropriate to reduce privacy, re-identification, inference, dignity, retaliation, public-safe, public authority, community, or protected knowledge risk, provided that de-identification shall not be treated as complete anonymization unless supported by proper review.

8.18.6(c) Redaction shall remove or obscure personal information, rights-bearing data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, source-protected information, commercial sensitivity, finance-sensitive information, controlled technology, exploit details, security controls, confidential materials, or unsafe metadata where required.

8.18.6(d) Aggregation and generalization shall be used where appropriate to reduce identifiability, sensitive-site exposure, infrastructure exposure, community harm, protected knowledge exposure, public authority risk, finance overclaim, provider preference, sponsor validation, or public-safe risk, provided that aggregation shall not conceal material variation, uncertainty, limitations, minority evidence, community-specific risk, or known gaps where such concealment would mislead.

8.18.6(e) Sealing shall be used where dataset records must be preserved but access must be restricted due to privacy, cybersecurity, public authority restriction, sovereign data, protected knowledge, community safety, source protection, legal sensitivity, privilege, commercial sensitivity, finance sensitivity, controlled technology, export-control, sanctions, investigation, dispute, or public-safe risk.

8.18.6(f) Deletion shall be used where data or derived artifacts no longer have lawful, necessary, proportionate, safe, or mission-compatible basis for retention, subject to legal hold, archival requirements, evidence integrity, correctionability obligations, public authority restrictions, community protocols, Indigenous protocols, and protected knowledge obligations.

8.18.6(g) Retention and archival shall preserve identity, source lineage, data lineage, version history, review history, correction history, status history, dependency links, access restrictions, retention basis, public-safe status, withdrawal or retraction status where applicable, and future retrieval limits.

8.18.6(h) Dataset de-identification, redaction, aggregation, sealing, deletion, retention, and archival shall not be used to conceal error, suppress correction, avoid accountability, preserve sponsor comfort, preserve provider comfort, avoid public authority discomfort, maintain finance-facing usefulness, avoid public-safe correction, or erase institutional memory.

8.18.6(i) Where dataset treatment changes, affected models, workloads, outputs, dashboards, maps, publications, Evidence Packs, Decision Packs, and dependency records shall be reviewed.

8.18.6(j) The controlling rule shall be that dataset lifecycle controls must protect people, communities, public authorities, security, sovereignty, knowledge, and evidence memory at the same time.

***

8.18.7 Dataset Cross-Border Transfer, Sovereign Data Zone, and Compute-to-Data Treatment.\
8.18.7(a) Each material Dataset Card shall identify cross-border transfer, data residency, localization, sovereign data zone, compute-to-data, secure enclave, confidential computing, air-gapped, no-download, controlled-room, clean-room, and data-room treatment where applicable.

8.18.7(b) Cross-border transfer treatment shall identify source jurisdiction, destination jurisdiction, cloud region, provider access, support access, subcontractor access, model-provider access, public authority access, transfer mechanism, contractual safeguards, technical safeguards, conflict-of-law risk, compelled-access risk, deletion or return requirements, and correction path.

8.18.7(c) Sovereign data zone treatment shall identify whether the dataset is subject to sovereign data controls, localization requirements, public authority data controls, Indigenous data considerations, community data safeguards, national data infrastructure requirements, jurisdictional access limits, or cross-border escalation triggers.

8.18.7(d) Compute-to-data treatment shall be the preferred design where moving the dataset would create unacceptable privacy, cybersecurity, sovereign data, public authority, protected knowledge, community, legal, contractual, export-control, sanctions, source-protection, or public-safe risk.

8.18.7(e) Secure enclave, confidential computing, air-gapped, no-download, controlled-room, clean-room, or data-room treatment shall be required where dataset sensitivity, access risk, extraction risk, public authority restrictions, protected knowledge risk, cyber risk, infrastructure risk, export-control risk, sanctions risk, or public-safe risk requires heightened control.

8.18.7(f) Datasets shall not be transferred, replicated, cached, embedded, indexed, trained on, retrieved from, exported through APIs, placed in dashboards, included in maps, published, or made public-safe without review of residency, localization, transfer, sovereign data, privacy, cybersecurity, public-safe, and protected knowledge obligations where applicable.

8.18.7(g) Where a dataset has been transferred, processed, cached, embedded, or exported contrary to its restrictions, GCRI Canada shall conduct incident review, legal review where required, privacy review, cybersecurity review, sovereign data review, public authority review where applicable, protected knowledge review where applicable, correction, notice where required, and downstream dependency review.

8.18.7(h) The controlling rule shall be that dataset movement is itself a governed act because where data goes determines who may access it, what law may reach it, how it may be protected, and whether it can safely support public-good evidence.

***

8.18.8 Dataset Access Controls, Logging, and Authorized Users.\
8.18.8(a) Each material Dataset Card shall identify dataset access controls, logging requirements, authorized users, authorized roles, authorized systems, authorized models, authorized APIs, authorized environments, authorized repositories, authorized reviewers, external collaborator access where any, public authority access where any, provider access where any, sponsor access where any, host access where any, community access where any, and temporary access where any.

8.18.8(b) Dataset access shall be role-based, purpose-bound, least-privilege, time-bound where appropriate, logged, revocable, and linked to lawful basis or authority, permissions, use limits, training requirements, confidentiality obligations, conflict status where material, access class, handling class, and review status.

8.18.8(c) Access controls shall prevent unauthorized viewing, copying, download, screenshotting, screen recording, local sync, embedding, training, fine-tuning, retrieval, API export, dashboard display, map display, publication, redistribution, translation, localization, AI processing, model ingestion, or secondary use.

8.18.8(d) Dataset logs shall capture, where material and lawful, access events, administrative actions, permission changes, data movement, data transformation, embedding events, retrieval events, training or fine-tuning events, evaluation events, export events, download events, deletion events, sealing events, archive events, correction events, public-safe release events, and denied or anomalous access attempts.

8.18.8(e) Authorized user records shall identify user or actor identity, role, organization, capacity, access authority, access purpose, approved data class, approved use, prohibited use, access duration, conflict status where material, confidentiality status, training status, and revocation path.

8.18.8(f) Provider, sponsor, host, capital-reader, National Company, Project SPV, university, public authority, or other external access shall not create data ownership, governance rights, publication rights, public authority status, provider preference, sponsor control, finance access, recognition, certification, procurement advantage, or execution authority beyond the record.

8.18.8(g) Where unauthorized access, improper export, improper AI use, improper embedding, improper retrieval, improper publication, access anomaly, credential compromise, or access-rule breach is detected, GCRI Canada shall route the matter to cybersecurity review, privacy review, safeguards review, public authority review where applicable, legal review, correction, notice, restriction, suspension, termination, or incident response as appropriate.

8.18.8(h) The controlling rule shall be that dataset access must be controlled and logged because evidence integrity depends on who saw, changed, moved, copied, modeled, exported, or relied upon data.

***

8.18.9 Dataset Correction, Supersession, Withdrawal, or Retraction.\
8.18.9(a) GCRI Canada shall correct, supersede, withdraw, retract where applicable, reclassify, restrict, downgrade, suspend, reinstate, retire, or archive datasets and Dataset Cards where dataset identity, source, provenance, custody, license, permission, consent or non-consent treatment, classification, quality, completeness, bias, representativeness, timeliness, public-safe status, access controls, use limits, transfer status, retention status, or correction path is inaccurate, incomplete, stale, unsafe, unauthorized, overclaimed, disputed, or no longer fit for purpose.

8.18.9(b) Dataset correction shall apply where data are incorrect, duplicated, corrupted, misformatted, mislinked, mistranslated, misclassified, unlawfully included, improperly transformed, improperly de-identified, improperly aggregated, improperly redacted, improperly embedded, improperly retrieved, improperly trained on, improperly published, or otherwise inconsistent with the Dataset Card.

8.18.9(c) Dataset supersession shall apply where a new dataset version replaces a prior version because of corrected data, updated sources, changed permissions, changed classification, changed quality, changed public-safe status, changed ontology, changed schema, changed data dictionary, changed confidence, changed uncertainty, changed limitations, or changed permitted use.

8.18.9(d) Dataset withdrawal shall apply where a dataset cannot safely, lawfully, or responsibly remain in active use because of permission defect, lawful basis defect, privacy defect, cybersecurity defect, sovereign data defect, public authority restriction, protected knowledge defect, community safeguard defect, source defect, quality defect, public-safe defect, finance-boundary defect, provider-neutrality defect, sponsor-control defect, or unresolved dispute.

8.18.9(e) Dataset retraction shall apply where a public dataset, public-safe dataset summary, dataset-derived public output, or material dataset claim was materially wrong, unsupported, unsafe, authority-inflating, finance-inflating, procurement-inflating, provider-preferential, sponsor-controlled, privacy-invasive, security-sensitive, community-harming, protected-knowledge-infringing, or inconsistent with GCRI Canada’s public-benefit duties.

8.18.9(f) Dataset correction, supersession, withdrawal, or retraction shall trigger review of affected models, embeddings, retrieval stores, evaluation records, benchmark records, Compute Workload Records, Evidence Packs, Decision Packs, dashboards, maps, APIs, public-safe reports, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, Rails handoffs, Academy materials, provider materials, sponsor materials, host materials, community-facing materials, public claims, and dependency records.

8.18.9(g) Corrected or superseded datasets shall not be represented as clean, complete, unbiased, certified, recognized, finance-ready, public-authority-approved, procurement-approved, provider-endorsed, sponsor-approved, protocol-effective, guaranteed, public-safe for all purposes, or execution-ready merely because they have been corrected or reissued.

8.18.9(h) Dataset correction shall not be suppressed because correction may affect reputation, sponsor comfort, provider comfort, public authority comfort, finance-facing usefulness, model performance, dashboard continuity, publication timing, program momentum, media narrative, or technical convenience.

8.18.9(i) The controlling rule shall be that dataset defects must be corrected at both the dataset and dependency level because datasets propagate into models, outputs, dashboards, maps, publications, and public claims.

***

8.18.10 Dataset Register and Review Cycle.\
8.18.10(a) GCRI Canada shall maintain, or cause to be maintained, a Dataset Register for material datasets used by or on behalf of GCRI Canada and shall maintain a review cycle for such datasets proportionate to risk.

8.18.10(b) The Dataset Register shall identify dataset title or identifier, dataset type, owner where known, GCRI Canada owner or responsible function where applicable, custodian, steward, contributor, source, provenance, version, license, permissions, consent or non-consent treatment where applicable, use limits, data class, evidence class, technology domain, risk domain, public-safe status, access class, handling class, public authority status, personal information status, health-sensitive status, cyber-sensitive status, infrastructure-sensitive status, sovereign data status, community-protected status, protected knowledge status, finance-sensitive status, commercial sensitivity, export-control sensitivity, sanctions sensitivity, AI-use status, training-use status, embedding-use status, retrieval-use status, transfer status, retention status, correction path, supersession path, withdrawal path, retraction path where applicable, retirement path, archive path, and dependency links.

8.18.10(c) The Dataset Register shall distinguish proposed datasets, approved datasets, restricted datasets, controlled-room datasets, public-safe datasets, training-prohibited datasets, embedding-prohibited datasets, retrieval-prohibited datasets, publication-prohibited datasets, public authority-restricted datasets, finance-sensitive datasets, provider-sensitive datasets, sponsor-sensitive datasets, community-protected datasets, protected knowledge datasets, corrected datasets, superseded datasets, withdrawn datasets, retracted datasets, suspended datasets, reinstated datasets, retired datasets, archived datasets, and prohibited datasets.

8.18.10(d) Dataset review shall occur on schedule and upon material change, including new source, new version, new permission, new license, new consent or non-consent condition, new lawful basis issue, new classification, new quality issue, new public-safe status, new access class, new transfer, new use in training, new use in embedding, new use in retrieval, new publication use, new public authority use, new finance-facing use, new GRF input use, new GRA input use, new Protocol Authority input use, new provider-facing use, new sponsor-facing use, new community-facing use, new protected knowledge concern, new privacy risk, new cybersecurity risk, new sovereign data risk, new export-control or sanctions risk, new dispute, new incident, new correction, or new downstream dependency.

8.18.10(e) Dataset review may include evidence review, source review, data lineage review, quality review, bias review, representativeness review, timeliness review, ontology review, schema review, privacy review, cybersecurity review, AI review, sovereign data review, public authority review, safeguards review, Indigenous or protected knowledge review, export-control review, sanctions review, finance-boundary review, provider-neutrality review, sponsor non-control review, competition review, legal review, interface review, committee review, officer review, Board reporting, or independent review where appropriate.

8.18.10(f) Where review identifies a dataset that is unauthorized, misclassified, insecure, unlogged, unreviewed, unlawful, privacy-defective, cyber-defective, sovereign-data-defective, public authority-defective, protected-knowledge-defective, finance-boundary-defective, provider-neutrality-defective, sponsor-control-defective, biased beyond recorded use, materially incomplete, stale, overclaimed, disputed, or no longer fit for purpose, GCRI Canada shall hold, restrict, correct, reclassify, downgrade, suspend, supersede, withdraw, retire, archive, or prohibit the dataset as appropriate.

8.18.10(g) The Dataset Register shall be linked, where applicable, to Evidence Register entries, Source Comparison Records, Method Register entries, Model Register entries, Model Cards, System Cards, Dataset Cards, Benchmark Cards, Compute Workload Records, Compute Environment Records, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Evidence Pack Register entries, Decision Pack Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.18.10(h) The Dataset Register and review cycle shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.18.10(i) The controlling rule shall be that dataset governance requires a register and review cycle because datasets change in authority, quality, permissions, sensitivity, public-safe status, and downstream effect over time.

### 8.19 System Cards and Benchmark Cards

8.19.1 System Card Requirement for Material Technical Systems.\
8.19.1(a) GCRI Canada shall maintain, or cause to be maintained, System Cards for material technical systems used by or on behalf of GCRI Canada where such systems materially affect evidence, methods, source comparison, confidence, uncertainty, limitation statements, public-safe outputs, controlled-room outputs, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, Verifiable Compute, Verifiable Intelligence, Nexus Truth Engine activities, Nexus Observatory activities, Nexus Risk Management activities, Nexus Rails handoffs, Nexus Grid inputs, Nexus Academy materials, public-good software, open technical baselines, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, or public claims.

8.19.1(b) A System Card shall be required for material model-enabled systems, AI-assisted systems, retrieval systems, embedding systems, inference systems, dashboard systems, map systems, API systems, dataset systems, evidence-routing systems, observability systems, compute environments, secure research environments, controlled-room systems, data-room systems, clean-room systems, public-good software systems, technical baseline systems, benchmark systems, validation systems, correction workflow systems, source-comparison systems, confidence-scoring systems, uncertainty-treatment systems, public-safe publication systems, and other technical systems whose operation shapes institutional outputs.

8.19.1(c) System Card requirements shall apply whether the system is internally developed, externally supplied, open-source, proprietary, cloud-hosted, locally hosted, sovereign-cloud hosted, public authority hosted, university hosted, provider supplied, sponsor supported, host supported, National Company supplied, Project SPV supplied, API accessed, repository based, dashboard embedded, map embedded, or integrated into a wider Nexus interface.

8.19.1(d) A system shall not be treated as approved, safe, public-safe, evidence-valid, finance-safe, public-authority-safe, provider-neutral, sponsor-non-controlled, or correctionable merely because it is technically functional, commercially reputable, provider-promoted, sponsor-supported, public authority used, university hosted, widely adopted, certified elsewhere, benchmarked elsewhere, cryptographically secured, AI-enabled, or convenient.

8.19.1(e) System Card governance shall be proportionate to system risk, including data class, evidence class, output class, model use, AI use, public-safe status, public authority relevance, finance relevance, provider relevance, sponsor relevance, protected knowledge relevance, community relevance, privacy risk, cybersecurity risk, sovereign data risk, export-control risk, sanctions risk, controlled-technology risk, and downstream dependency.

8.19.1(f) Where a material system has been used without a System Card, GCRI Canada shall identify affected outputs, complete or reconstruct the System Card where possible, review system purpose, architecture, data flows, model flows, controls, risks, incidents, and correction paths, restrict or hold affected outputs where appropriate, and correct downstream dependencies where required.

8.19.1(g) A System Card shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.19.1(h) The controlling rule shall be that material technical systems require System Cards because evidence integrity depends not only on data and models, but also on the systems through which data, models, people, workflows, outputs, and corrections interact.

***

8.19.2 System Purpose, Architecture, Components, Data Flows, Model Flows, Human Roles, Authority Boundaries, and Failure Modes.\
8.19.2(a) Each material System Card shall identify system purpose, system scope, system owner, custodian, steward, provider where any, developer where any, host where any, sponsor support where any, deployment context, environment, version, release status, approved uses, prohibited uses, output classes supported, audiences supported, access class, handling class, public-safe status, controlled-room status where applicable, and correction path.

8.19.2(b) System purpose shall identify whether the system supports evidence collection, evidence processing, source comparison, confidence scoring, uncertainty treatment, limitation generation, AI-assisted retrieval, AI-assisted summarization, model evaluation, benchmark execution, observability, dashboarding, mapping, API delivery, dataset management, public-safe publication, controlled-room review, public authority learning, GRF input, GRA input, Protocol Authority support, Nexus Rails handoff, Nexus Grid input, Nexus Academy material, public-good software, technical baseline support, or correction workflow.

8.19.2(c) System architecture shall identify, at a level proportionate to risk and safe disclosure, the system components, repositories, databases, data stores, model components, retrieval components, embedding components, APIs, dashboards, maps, user interfaces, workflow engines, logging systems, access-control systems, monitoring systems, compute environments, security layers, public-safe release layers, correction layers, and external dependencies.

8.19.2(d) Data flows shall identify data inputs, data sources, data lineage, data classes, evidence classes, transformations, storage locations, processing locations, transfer routes, cross-border flows, embedding flows, retrieval flows, caching, backups, exports, publication pathways, retention, deletion, sealing, archival, and correction flows.

8.19.2(e) Model flows shall identify model inputs, retrieval sources, embedding stores, inference steps, tool calls where any, human review points, output generation, confidence effects, uncertainty effects, limitation effects, public-safe effects, model output restrictions, model logging, model monitoring, and model correction pathways.

8.19.2(f) Human roles shall identify system users, reviewers, stewards, custodians, administrators, approvers, public-safe reviewers, privacy reviewers, cybersecurity reviewers, safeguards reviewers, public authority boundary reviewers, finance boundary reviewers, provider-neutrality reviewers, sponsor non-control reviewers, external collaborators, and escalation actors.

8.19.2(g) Authority boundaries shall identify what the system may support and what it must not do, including no certification, no recognition, no finance-readiness, no investment advice, no public authority decision, no procurement approval, no provider endorsement, no sponsor approval, no rating, no guarantee, no public warning, no emergency command, no protocol effect, no operational clearance, no legal status, no professional advice, no market authority, no infrastructure operation, and no execution consequence by default.

8.19.2(h) Failure modes shall identify, where material, data-flow failure, model-flow failure, access-control failure, retrieval failure, embedding failure, hallucination, false citation, false precision, stale output, dashboard error, map error, API error, confidence error, uncertainty omission, public-safe release failure, cross-border transfer failure, privacy failure, cybersecurity failure, protected knowledge exposure, public authority overclaim, finance overclaim, provider preference, sponsor validation, correction failure, dependency breakage, and human review failure.

8.19.2(i) The controlling rule shall be that a System Card must show how a system works, who interacts with it, where authority stops, and how it can fail, because hidden system architecture becomes hidden institutional risk.

***

8.19.3 System Security, Privacy, Data, AI, Cyber, Public Authority, and Safeguard Controls.\
8.19.3(a) Each material System Card shall identify system security, privacy, data, AI, cybersecurity, sovereign data, public authority, safeguards, Indigenous and protected knowledge, finance-boundary, provider-neutrality, sponsor non-control, competition, legal, export-control, sanctions, controlled-technology, and public-safe controls where applicable.

8.19.3(b) Security controls shall identify identity and access management, role-based access, least privilege, segmentation, isolation, logging, monitoring, credential controls, key management, token management, secrets management, vulnerability management, dependency review, secure configuration, backup, recovery, incident response, decommissioning, and exit readiness.

8.19.3(c) Privacy controls shall identify purpose limitation, minimization, access controls, de-identification where applicable, pseudonymization where applicable, aggregation, redaction, retention limits, deletion paths, re-identification risk, inference risk, metadata exposure, rights-response pathways where applicable, and public-safe release controls.

8.19.3(d) Data controls shall identify dataset registration, Dataset Cards, data lineage, data classification, lawful basis or authority where applicable, permissions, consent or non-consent treatment where applicable, license terms, transfer limits, training-use limits, embedding-use limits, retrieval-use limits, publication limits, retention limits, sealing, archival, and correction path.

8.19.3(e) AI controls shall identify Model Register entries, Model Cards, System Cards, Dataset Cards, Benchmark Cards, evaluation records, retrieval controls, embedding controls, prompt or query controls where applicable, inference records where material, human review requirements, output review requirements, hallucination controls, bias controls, drift controls, prompt-injection controls, tool-use controls, agentic overreach controls, and no-AI-as-authority controls.

8.19.3(f) Cybersecurity controls shall identify secure repositories, secure build practices, dependency controls, SBOM-related controls where applicable, secrets scanning, vulnerability review, incident logging, access anomaly detection, cyber-sensitive data handling, exploit-sensitive information handling, security telemetry controls, and public-safe cyber disclosure controls.

8.19.3(g) Public authority controls shall identify public authority data status, capacity classification, official or non-official source status, public authority restrictions, agency reference controls, non-delegation language, non-endorsement language, non-warning language, non-procurement language, non-regulatory language, non-funding language, non-public-finance language, and correction path.

8.19.3(h) Safeguard controls shall identify community context, Indigenous or local knowledge context, protected knowledge treatment, cultural protocol, community protocol, protected participation, source protection, vulnerable community exposure, retaliation risk, public-safe mapping, accessibility, translation, localization, and do-no-harm controls.

8.19.3(i) Finance-boundary, provider-neutrality, sponsor non-control, and competition controls shall identify how the system prevents investment advice, ratings, guarantees, finance-readiness, public finance approval, provider preference, procurement advantage, sponsor control, benchmark manipulation, outcome purchase, market allocation, or public claim overreach.

8.19.3(j) Where system controls are incomplete, stale, untested, failed, bypassed, or no longer proportionate to risk, GCRI Canada shall hold, restrict, reconfigure, correct, suspend, replace, retire, or refuse the system or affected use.

8.19.3(k) The controlling rule shall be that system controls must be recorded because public-good technical systems are trustworthy only when their security, privacy, AI, data, public authority, safeguards, and boundary controls are visible to governance and correction.

***

8.19.4 System Evaluation, Validation, Monitoring, Incident History, and Change Log.\
8.19.4(a) Each material System Card shall identify system evaluation, validation, monitoring, incident history, change log, correction history, restriction history, suspension history, deprecation history, retirement status, and archive status.

8.19.4(b) System evaluation shall assess whether the system performs its recorded purpose within permitted data classes, evidence classes, output classes, audiences, environments, public-safe status, access controls, model controls, security controls, privacy controls, public authority boundaries, finance boundaries, provider-neutrality boundaries, sponsor non-control boundaries, protected knowledge safeguards, and correction requirements.

8.19.4(c) Validation shall be context-specific. A system validated for one output class, audience, technology domain, risk domain, dataset, model, public authority context, finance-facing context, provider-facing context, sponsor-facing context, community context, or public-safe use shall not be treated as validated for another without review.

8.19.4(d) Monitoring shall identify unauthorized access, anomalous activity, data leakage, retrieval drift, embedding drift, model drift, output drift, dashboard drift, map drift, API error, dependency failure, stale records, confidence error, uncertainty omission, public-safe failure, boundary overclaim, public authority overclaim, finance overclaim, provider preference, sponsor validation, protected knowledge exposure, privacy event, cybersecurity event, and correction failure.

8.19.4(e) System incident history shall identify incidents affecting confidentiality, integrity, availability, evidence integrity, public-safe status, privacy, cybersecurity, sovereign data, public authority data, protected knowledge, community safeguards, finance boundaries, provider neutrality, sponsor non-control, output meaning, public claims, or downstream dependencies.

8.19.4(f) System change logs shall identify changes to architecture, components, data flows, model flows, retrieval sources, embedding stores, APIs, dashboards, maps, access controls, logging controls, monitoring controls, public-safe controls, security controls, privacy controls, data controls, model controls, boundary language, output classes, audiences, dependencies, and correction paths.

8.19.4(g) Material system changes shall not be silently deployed where they affect evidence meaning, confidence, uncertainty, limitations, access, classification, public-safe status, public authority meaning, finance-facing meaning, provider-facing meaning, sponsor-facing meaning, community-facing meaning, protected knowledge treatment, Nexus interface meaning, public claims, or downstream dependencies.

8.19.4(h) Where evaluation, validation, monitoring, incident history, or change log reveals system defect, drift, overclaim, unsafe disclosure, access failure, boundary failure, public-safe failure, correction failure, or dependency failure, GCRI Canada shall restrict, correct, reconfigure, suspend, supersede, withdraw, retire, archive, or refuse the system or affected outputs as appropriate.

8.19.4(i) The controlling rule shall be that systems must be evaluated, monitored, and changed through records because unmonitored systems silently convert technical drift into institutional drift.

***

8.19.5 Benchmark Card Requirement for Material Benchmarks.\
8.19.5(a) GCRI Canada shall maintain, or cause to be maintained, Benchmark Cards for material benchmarks, tests, validation sprints, evaluation harnesses, performance comparisons, stress tests, negative tests, adversarial tests, public-safe tests, model evaluations, provider demonstrations, technical baseline tests, public-good software tests, observability tests, sensor tests, AI-RAN tests, O-RAN tests, cyber tests, geospatial tests, digital twin tests, simulation tests, secure compute tests, and other comparative or evaluative exercises used by or on behalf of GCRI Canada.

8.19.5(b) A Benchmark Card shall be required where a benchmark materially affects evidence meaning, model evaluation, system evaluation, method validation, confidence, uncertainty, limitation statements, technical baselines, public-good software, public-safe publication, dashboards, maps, Evidence Packs, Decision Packs, public authority learning, GRF inputs, GRA inputs, Protocol Authority inputs, provider-facing materials, sponsor-facing materials, host-facing materials, Academy materials, Nexus interface records, public claims, or downstream dependencies.

8.19.5(c) Benchmark Card requirements shall apply whether the benchmark is internally designed, externally supplied, provider supplied, sponsor supported, public authority observed, university run, laboratory run, open-source, proprietary, automated, manual, AI-assisted, model-based, simulation-based, field-based, controlled-room based, public-safe, or experimental.

8.19.5(d) A benchmark shall not be treated as institutionally valid merely because it is numeric, reproducible, technically sophisticated, provider-published, sponsor-supported, widely used, academically recognized, public authority observed, cloud-run, cryptographically logged, or aligned with external standards.

8.19.5(e) Benchmark Card governance shall be proportionate to benchmark consequence, including whether the result may affect provider comparison, public authority interpretation, finance-facing interpretation, GRF inputs, GRA inputs, Protocol Authority inputs, public-safe claims, technical baseline status, public-good software status, procurement-adjacent contexts, market perception, or public trust.

8.19.5(f) Where a material benchmark has been used without a Benchmark Card, GCRI Canada shall identify affected outputs, complete or reconstruct the Benchmark Card where possible, assess benchmark purpose, method, conditions, data, limits, influence risks, and prohibited claims, and correct downstream dependencies where required.

8.19.5(g) A Benchmark Card shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.19.5(h) The controlling rule shall be that material benchmarks require Benchmark Cards because tests can easily become unauthorized ratings unless their purpose, method, limits, conditions, and prohibited claims are recorded.

***

8.19.6 Benchmark Purpose, Scope, Dataset, Method, Conditions, Metrics, Limitations, Bias, Failure Modes, and Review Status.\
8.19.6(a) Each material Benchmark Card shall identify benchmark purpose, benchmark scope, benchmark owner, custodian, steward, sponsor where any, provider where any, host where any, public authority observer where any, reviewer, approving actor where applicable, version, status, public-safe status, access class, handling class, and correction path.

8.19.6(b) Benchmark purpose shall identify what the benchmark is intended to test, compare, observe, stress, validate, challenge, reproduce, evaluate, or explain, and shall identify what the benchmark is not intended to measure.

8.19.6(c) Benchmark scope shall identify technology domain, risk domain, evidence class, data class, system tested, model tested, method tested, provider context, host context, public authority context, community context, environment, jurisdiction, time window, operating conditions, audience, permitted uses, prohibited uses, and output classes supported.

8.19.6(d) Dataset treatment shall identify datasets used, Dataset Cards, source records, data lineage, data class, permissions, license, consent or non-consent where applicable, public-safe status, data quality, missingness, bias, representativeness, timeliness, gaps, limitations, and correction path.

8.19.6(e) Method treatment shall identify benchmark method, method version, test design, evaluation harness, code version, configuration, assumptions, exclusions, sampling method, scoring method, threshold logic where any, negative tests, adversarial tests, edge cases, reproducibility status, reviewer requirements, and correction path.

8.19.6(f) Conditions shall identify test environment, compute environment, hardware where material, software where material, network conditions where material, model version, system version, provider-supplied configuration, sponsor-supplied resources, public authority context, field conditions, laboratory conditions, controlled-room conditions, and any limitations affecting interpretation.

8.19.6(g) Metrics shall identify what is measured, how it is measured, scale, unit, threshold, confidence, uncertainty, error rate where applicable, false positives, false negatives, latency, reliability, robustness, resilience, safety, security, public-safe quality, or other metric meaning; and shall identify where metrics are not comparable across contexts.

8.19.6(h) Limitations, bias, and failure modes shall identify benchmark limits, dataset limits, method limits, model limits, system limits, environment limits, provider influence, sponsor influence, sample limitations, public authority context limits, finance-boundary limits, protected knowledge limits, public-safe limits, reproducibility limits, false precision risk, and known failure modes.

8.19.6(i) Review status shall identify whether the benchmark is proposed, experimental, internally reviewed, technically reviewed, method reviewed, data reviewed, model reviewed, public-safe reviewed, privacy reviewed, cybersecurity reviewed, public authority reviewed, finance-boundary reviewed, provider-neutrality reviewed, sponsor non-control reviewed, safeguards reviewed, legal reviewed, committee reviewed, officer approved, independently reviewed, corrected, superseded, withdrawn, retired, or archived.

8.19.6(j) The controlling rule shall be that a benchmark result has meaning only through its recorded purpose, scope, data, method, conditions, metrics, limitations, bias treatment, failure modes, and review status.

***

8.19.7 Benchmark Results as Technical Evidence, Not Certification, Ranking, Procurement Preference, Rating, or Finance-Readiness by Default.\
8.19.7(a) Benchmark results shall be technical evidence and shall not constitute certification, ranking, procurement preference, public tender advantage, provider endorsement, sponsor approval, recognition, standing, maturity record, finance-readiness, investment advice, rating, guarantee, public authority decision, regulatory approval, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.19.7(b) Benchmark results may support evidence interpretation, model evaluation, system evaluation, method review, technical baseline support, public-good software review, public-safe learning, public authority learning, GRF inputs, GRA inputs, Protocol Authority support, Nexus Observatory review, Nexus Risk Management review, Nexus Rails handoffs, and Academy training only within recorded limits.

8.19.7(c) Benchmark results shall not be marketed, displayed, summarized, ranked, badged, scored, labelled, quoted, visualized, or reused in a manner that implies provider superiority, procurement approval, finance quality, credit quality, insurance quality, resilience rating, safety certification, security certification, public authority approval, Nexus-compatible status, GRF recognition, GRA finance-readiness, Protocol Authority conformance, or execution readiness.

8.19.7(d) Provider benchmarks, sponsor-supported benchmarks, validation sprint results, public authority observed benchmarks, public-good software tests, technical baseline tests, model evaluations, and dashboard-visible benchmark results shall carry boundary language sufficient to prevent unauthorized status.

8.19.7(e) Where benchmark results compare providers, systems, technologies, models, environments, datasets, hosts, National Companies, Project SPVs, or project contexts, GCRI Canada shall preserve provider neutrality, competition safety, method limits, context limits, public-safe limits, confidence, uncertainty, limitations, and prohibited claims.

8.19.7(f) Where a competent downstream actor uses benchmark results in its own lawful process, such use shall remain the downstream actor’s own use within its own authority, procedures, records, and accountability, and shall not be attributed to GCRI Canada as procurement, finance, certification, recognition, public authority, or execution decision.

8.19.7(g) Where benchmark results are misused to imply certification, ranking, procurement preference, rating, finance-readiness, public authority approval, provider endorsement, sponsor approval, protocol effect, guarantee, or execution readiness, GCRI Canada shall require correction, withdrawal, retraction, relabeling, removal of references, public-safe clarification, controlled notice, interface suspension, contract remedy, or legal action where appropriate.

8.19.7(h) The controlling rule shall be that benchmark results may strengthen technical understanding, but they shall not become market status, public authority status, certification status, finance status, or execution status by implication.

***

8.19.8 Benchmark Reproducibility, Negative Tests, Adversarial Tests, Edge Cases, and Context Limits.\
8.19.8(a) Each material Benchmark Card shall identify benchmark reproducibility, negative tests, adversarial tests, edge cases, context limits, sensitivity limits, failure-mode coverage, and conditions under which results may or may not be replicated, compared, published, generalized, or relied upon.

8.19.8(b) Reproducibility treatment shall identify whether the benchmark is fully reproducible, partially reproducible, method-reproducible, reviewer-reproducible, controlled-room reproducible, compute-to-data reproducible, non-reproducible for lawful or safety reasons, or not appropriate for reproducibility due to privacy, cybersecurity, sovereign data, protected knowledge, public authority restrictions, IP, source protection, controlled technology, export-control, sanctions, or public-safe limits.

8.19.8(c) Negative tests shall identify whether the benchmark tests failure, refusal, boundary handling, prohibited-use handling, unsafe-input handling, missing-data handling, stale-data handling, spoofed-signal handling, corrupted-data handling, public-safe release prevention, access denial, and correction triggering.

8.19.8(d) Adversarial tests shall identify whether the benchmark tests prompt injection, data poisoning, evasion, spoofing, tampering, replay, synthetic data manipulation, false source insertion, model hallucination, unauthorized retrieval, credential exposure, data leakage, tool misuse, agentic overreach, dashboard manipulation, map manipulation, and other adversarial conditions.

8.19.8(e) Edge cases shall identify rare conditions, high-consequence conditions, minority evidence, small populations, vulnerable communities, unusual geographies, degraded modes, low-connectivity settings, extreme weather, disaster conditions, cyber incidents, infrastructure failure, language variation, translation variation, public authority ambiguity, protected knowledge constraints, and unusual provider or sponsor contexts.

8.19.8(f) Context limits shall identify whether benchmark results are valid only for specified datasets, model versions, system versions, hardware, software, environment, provider configuration, sponsor conditions, geography, jurisdiction, language, time period, public authority context, community context, risk domain, technology domain, or output class.

8.19.8(g) Benchmark results shall not be generalized beyond their context limits. Where results are reused in Evidence Packs, Decision Packs, dashboards, maps, public-safe publications, public authority materials, GRF inputs, GRA inputs, Protocol Authority support, provider materials, sponsor materials, host materials, Academy materials, or public claims, context limits shall travel with the result.

8.19.8(h) Where reproducibility, negative tests, adversarial tests, edge cases, or context limits reveal benchmark weakness, GCRI Canada shall qualify, downgrade, restrict, correct, rerun, supersede, withdraw, retire, or refuse the benchmark result as appropriate.

8.19.8(i) The controlling rule shall be that benchmark strength depends not only on successful results, but also on what was tested for failure, manipulation, edge conditions, and context dependence.

***

8.19.9 Public-Safe Benchmark Publication Controls.\
8.19.9(a) GCRI Canada shall maintain public-safe benchmark publication controls for benchmark results, benchmark summaries, validation sprint summaries, technical baseline summaries, public-good software test reports, model evaluation summaries, provider demonstration summaries, dashboard displays, map displays, Academy materials, public websites, repositories, media materials, event materials, and public claims involving benchmarks.

8.19.9(b) Public-safe benchmark publication shall identify, where material, benchmark purpose, benchmark scope, test conditions, dataset limits, method limits, confidence, uncertainty, limitations, public-safe status, provider role where any, sponsor role where any, host role where any, public authority observation where any, permitted claims, prohibited claims, boundary language, correction path, and supersession status.

8.19.9(c) Public-safe benchmark publication shall not disclose personal information, rights-bearing data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, confidential source information, exploit details, security controls, controlled technology, commercially sensitive information, finance-sensitive information, or other restricted material unless lawful, authorized, safe, mission-compatible, and records-valid.

8.19.9(d) Public-safe benchmark publication shall avoid false precision, misleading rankings, provider preference, procurement implication, finance implication, public authority approval implication, certification implication, recognition implication, protocol implication, sponsor validation, public warning implication, emergency-command implication, operational clearance implication, or execution-readiness implication.

8.19.9(e) Public-safe benchmark publication shall review titles, headings, labels, scores, tables, charts, rankings, colors, badges, logos, provider names, sponsor acknowledgments, public authority references, Nexus references, metadata, file names, repository descriptions, captions, summaries, social media text, and third-party quotation risk.

8.19.9(f) Where benchmark results cannot be safely published in detail, GCRI Canada may issue public-safe summaries, controlled annexes, restricted reports, or no-publication treatment that preserves public meaning without unsafe disclosure or overclaim.

8.19.9(g) Where a published benchmark becomes inaccurate, stale, unsafe, overclaimed, misclassified, misused, or superseded, GCRI Canada shall correct, restrict, supersede, withdraw, retract, relabel, reissue, or issue public-safe or controlled correction notice as appropriate.

8.19.9(h) The controlling rule shall be that benchmark publication must make technical evidence understandable without turning tests into unsafe disclosure, provider marketing, public authority approval, finance signal, certification, rating, or execution claim.

***

8.19.10 System Card and Benchmark Card Registers, Corrections, Supersessions, and Retirements.\
8.19.10(a) GCRI Canada shall maintain, or cause to be maintained, System Card and Benchmark Card Registers for material systems and benchmarks used by or on behalf of GCRI Canada and shall maintain correction, supersession, withdrawal, retraction where applicable, restriction, suspension, reinstatement, deprecation, retirement, and archive paths for such cards.

8.19.10(b) The System Card Register shall identify system title or identifier, system type, owner, custodian, steward, provider where any, developer where any, host where any, sponsor support where any, version, release status, deployment context, purpose, architecture status, data-flow status, model-flow status, access class, handling class, public-safe status, approved uses, prohibited uses, supported output classes, supported audiences, risk class, review status, incident status, correction path, supersession path, retirement path, archive path, and dependency links.

8.19.10(c) The Benchmark Card Register shall identify benchmark title or identifier, benchmark type, owner, custodian, steward, sponsor where any, provider where any, host where any, public authority observer where any, version, status, purpose, scope, dataset, method, conditions, metrics, limitations, bias treatment, failure-mode treatment, reproducibility status, public-safe status, approved claims, prohibited claims, review status, correction path, supersession path, withdrawal path, retraction path where applicable, retirement path, archive path, and dependency links.

8.19.10(d) System Cards and Benchmark Cards shall be reviewed on schedule and upon material change, including new system version, new architecture, new data flow, new model flow, new dependency, new provider, new sponsor support, new host context, new deployment environment, new dataset, new method, new benchmark condition, new output class, new public-safe use, new public authority use, new finance-facing use, new GRF input use, new GRA input use, new Protocol Authority input use, new provider-facing use, new sponsor-facing use, new incident, new dispute, new correction, new legal development, new privacy risk, new cybersecurity risk, new sovereign data risk, new protected knowledge concern, or new downstream dependency.

8.19.10(e) Correction shall be required where a System Card or Benchmark Card is inaccurate, incomplete, stale, unsafe, overbroad, overclaimed, misclassified, inconsistent with actual system or benchmark behavior, inconsistent with permissions, inconsistent with public-safe status, inconsistent with boundary limits, or no longer fit for purpose.

8.19.10(f) Supersession shall be required where a new System Card or Benchmark Card replaces a prior version because of changed system architecture, changed benchmark method, changed data, changed model, changed environment, changed access controls, changed public-safe status, changed confidence, changed uncertainty, changed limitation statement, changed boundary language, changed permitted use, changed prohibited use, or changed correction path.

8.19.10(g) Retirement shall apply where a system or benchmark is no longer approved for active use, has been replaced, has become unsupported, has become unsafe, has become obsolete, has been prohibited, or no longer fits GCRI Canada’s mandate. Retirement records shall identify prohibited future use, permitted archive use, affected workflows, affected outputs, migration path where any, public-safe notice where required, controlled notice where required, and archive treatment.

8.19.10(h) Where a System Card or Benchmark Card is corrected, superseded, withdrawn, retracted, restricted, suspended, reinstated, deprecated, retired, or archived, GCRI Canada shall review affected Evidence Register entries, Dataset Register entries, Model Register entries, Method Register entries, Compute Workload Records, Compute Environment Records, Observability Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.19.10(i) System Card and Benchmark Card Registers, corrections, supersessions, and retirements shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.19.10(j) The controlling rule shall be that System Cards and Benchmark Cards must be registered, corrected, superseded, and retired because technical systems and tests change over time, and public-good evidence cannot rely on stale, hidden, or overclaimed technical records.

### 8.20 Training, Fine-Tuning, Embedding, Retrieval, and Model Improvement Restrictions

8.20.1 Prohibition on Use of Sensitive Nexus, GCRI Canada, Public Authority, Personal, Health-Sensitive, Cyber-Sensitive, Infrastructure-Sensitive, Community-Protected, Indigenous, Protected Knowledge, Confidential, or Restricted Materials for AI Training Without Express Recorded Authority.\
8.20.1(a) GCRI Canada shall prohibit the use of sensitive Nexus materials, GCRI Canada materials, public authority materials, personal information, rights-bearing data, health-sensitive materials, cyber-sensitive materials, infrastructure-sensitive materials, community-protected materials, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, protected knowledge, confidential materials, source-protected materials, privileged materials, finance-sensitive materials, commercially sensitive materials, controlled technology, export-controlled materials, sanctions-sensitive materials, or other restricted materials for AI training without express recorded authority.

8.20.1(b) Express recorded authority shall identify, where applicable, the dataset, source records, owner, custodian, steward, lawful basis, license, consent or non-consent treatment, public authority authority, community protocol, Indigenous protocol, protected knowledge restrictions, data class, evidence class, access class, handling class, training-use status, transfer status, retention status, model identity, model provider, compute environment, permitted use, prohibited use, review status, public-safe status, and correction path.

8.20.1(c) No material shall be treated as available for AI training merely because it is accessible to GCRI Canada, uploaded into a repository, included in a data room, discussed in a controlled room, received from a public authority, provided by a sponsor, provided by a provider, visible in a dashboard, included in a public-safe summary, shared in a meeting, included in an email, stored in cloud systems, generated through Nexus activities, or technically ingestible by a model.

8.20.1(d) AI training shall include pre-training, continued pre-training, domain adaptation, supervised fine-tuning where used as training, reinforcement learning, preference training, instruction tuning, embedding model training, classifier training, retrieval model training, synthetic-data generation for training, evaluation-to-training feedback loops, automated model improvement, vendor model improvement, and any other process by which materials may alter model weights, model behavior, model memory, model retrieval behavior, or future model outputs.

8.20.1(e) The default rule shall be no training use unless training use is affirmatively authorized in the applicable Dataset Card, Model Register entry, Compute Workload Record, data-sharing record, consent record where applicable, public authority record where applicable, community or Indigenous protocol record where applicable, and review record.

8.20.1(f) Sensitive or restricted materials shall not be used for training where deletion, withdrawal, correction, unlearning, source protection, public-safe restriction, sovereign data restriction, privacy obligation, public authority restriction, protected knowledge condition, or legal condition cannot be honored at a level proportionate to risk.

8.20.1(g) Where unauthorized training use is suspected or confirmed, GCRI Canada shall treat the matter as a data, model, evidence-integrity, privacy, cybersecurity, public-safe, and correction event requiring incident review, affected-output review, vendor review where applicable, dependency review, correction, restriction, notice where required, and remedial action.

8.20.1(h) The controlling rule shall be that model training is not ordinary processing; it is a high-consequence use of institutional material and shall occur only where expressly authorized, lawful, safeguarded, recorded, and correctionable.

***

8.20.2 Fine-Tuning Restrictions.\
8.20.2(a) GCRI Canada shall restrict fine-tuning of AI models using GCRI Canada materials, Nexus materials, public authority materials, personal information, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, finance-sensitive data, commercially sensitive data, confidential source information, controlled technology, export-controlled materials, sanctions-sensitive materials, or other restricted content.

8.20.2(b) Fine-tuning shall not occur unless a records-valid approval identifies model identity, model provider, base model, fine-tuning method, training corpus, Dataset Cards, lawful basis, permissions, consent or non-consent treatment where applicable, public authority restrictions, community or Indigenous protocols where applicable, data classification, compute environment, jurisdiction, transfer status, retention status, evaluation plan, deletion plan, withdrawal limits, unlearning limits, public-safe status, permitted uses, prohibited uses, and correction path.

8.20.2(c) Fine-tuning shall be prohibited where the fine-tuned model could memorize, reveal, infer, reconstruct, expose, or miscontextualize personal information, protected knowledge, public authority restricted material, cyber-sensitive material, infrastructure-sensitive material, sovereign-sensitive material, source-protected material, confidential materials, or controlled technology beyond lawful and safe limits.

8.20.2(d) Fine-tuning shall not be used to encode institutional conclusions, recognition-like states, finance-readiness-like states, provider preferences, sponsor narratives, public authority positions, procurement preferences, maturity judgments, public warning implications, or protocol status into a model where such encoding could generate unauthorized authority by inference.

8.20.2(e) Fine-tuned models shall be entered or updated in the Model Register and shall have Model Cards, System Cards where applicable, Dataset Cards, Benchmark Cards where applicable, evaluation records, risk classification records, access controls, logging controls, human review requirements, output review requirements, incident pathways, suspension pathways, retirement pathways, and correction pathways.

8.20.2(f) Fine-tuned models shall not be used for public-safe outputs, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, finance-facing materials, provider-facing materials, sponsor-facing materials, community-facing materials, dashboards, maps, Evidence Packs, Decision Packs, public-good software, or public claims unless approved for the relevant output class.

8.20.2(g) Where fine-tuning is corrected, restricted, suspended, deprecated, withdrawn, retired, or found unauthorized, GCRI Canada shall review affected outputs, retrieval systems, embeddings, dashboards, maps, Evidence Packs, Decision Packs, public-safe publications, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, and dependency records.

8.20.2(h) The controlling rule shall be that fine-tuning may alter future model behavior in durable and difficult-to-reverse ways and therefore requires heightened authority, review, limits, records, and correction.

***

8.20.3 Embedding Restrictions.\
8.20.3(a) GCRI Canada shall restrict the embedding of GCRI Canada materials, Nexus materials, public authority materials, personal information, rights-bearing data, health-sensitive materials, cyber-sensitive materials, infrastructure-sensitive materials, sovereign data, community-protected data, Indigenous or protected knowledge, finance-sensitive materials, commercially sensitive materials, confidential source information, privileged materials, controlled technology, export-controlled materials, sanctions-sensitive materials, or other restricted content.

8.20.3(b) Embedding shall not occur unless the applicable Dataset Card, Model Register entry, Compute Workload Record, retrieval system record, embedding store record, and access control record authorize embedding for the specific corpus, purpose, model, environment, audience, retention period, deletion path, correction path, and retrieval boundary.

8.20.3(c) Embedding shall be treated as a governed derivative data act because embeddings may encode semantic information, sensitive relationships, source context, personal information, protected knowledge, public authority restrictions, confidential facts, or inferential traces even where the original text, image, file, signal, or dataset is not directly exposed.

8.20.3(d) Embedding stores shall identify source corpus, source records, ingestion date, embedding model, embedding version, vector store, owner, custodian, steward, access class, handling class, public-safe status, restricted-material status, update frequency, deletion path, re-indexing path, correction path, retrieval restrictions, export restrictions, transfer restrictions, and archive treatment.

8.20.3(e) Sensitive materials shall not be embedded into shared, public, vendor-controlled, sponsor-controlled, provider-controlled, cross-border, unmanaged, unlogged, or general-purpose embedding stores unless expressly authorized and safeguarded through appropriate residency, privacy, cybersecurity, sovereign data, protected knowledge, public authority, finance-boundary, provider-neutrality, sponsor non-control, and correction controls.

8.20.3(f) Embedding shall be restricted or prohibited where source correction, withdrawal, retraction, consent withdrawal, public authority restriction, protected knowledge restriction, deletion request, legal hold, sealing, or public-safe reclassification cannot be propagated to the embedding store and downstream retrieval uses at a level proportionate to risk.

8.20.3(g) Where embeddings are corrected, re-indexed, restricted, deleted, sealed, superseded, withdrawn, or found unauthorized, GCRI Canada shall review affected retrieval systems, model outputs, Evidence Packs, Decision Packs, dashboards, maps, public-safe outputs, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, and dependency records.

8.20.3(h) The controlling rule shall be that embeddings are not harmless indexes; they are governed semantic derivatives that must preserve source authority, access controls, restrictions, deletion, correction, and public-safe meaning.

***

8.20.4 Retrieval-Augmented Generation Restrictions.\
8.20.4(a) GCRI Canada shall restrict retrieval-augmented generation and related retrieval-supported model use where retrieval sources, retrieved materials, model outputs, or generated summaries may materially affect evidence meaning, public-safe status, public authority interpretation, finance-facing interpretation, provider-facing interpretation, sponsor-facing interpretation, community-facing interpretation, protected knowledge treatment, Nexus interface meaning, public claims, or downstream dependency.

8.20.4(b) Retrieval-augmented generation shall not be used with restricted materials unless retrieval source records, Dataset Cards, embedding store records where applicable, Model Register entries, System Cards, Compute Workload Records, access controls, query logs where applicable, retrieval logs where applicable, output review requirements, public-safe controls, and correction paths are in place.

8.20.4(c) Retrieval sources shall be classified by audience and use, including internal, controlled-room, public-safe, public authority-facing, GRF-facing, GRA-facing, Protocol Authority-facing, Observatory-facing, Rails-facing, Academy-facing, provider-facing, sponsor-facing, host-facing, community-facing, finance-facing, and public-facing retrieval contexts.

8.20.4(d) Retrieval systems shall not retrieve, summarize, combine, translate, cite, expose, or infer from materials beyond the user’s authorized role, the model’s approved use, the output class, the public-safe status, the data handling class, the source permission, and the permitted-use boundary.

8.20.4(e) Retrieval-augmented generation shall preserve source lineage, record version, source status, correction status, withdrawal status, retraction status where applicable, supersession status, confidence, uncertainty, limitations, and boundary language in generated outputs where material.

8.20.4(f) Retrieval systems shall be designed to avoid stale retrieval, unauthorized retrieval, cross-room leakage, prompt-injection-driven retrieval, public-safe boundary collapse, finance-boundary collapse, public authority boundary collapse, provider preference, sponsor validation, protected knowledge exposure, and source hallucination.

8.20.4(g) Model outputs produced through retrieval-augmented generation shall be subject to human review and output review where material, including review for source grounding, unsupported claims, false citations, omitted limitations, false precision, public authority overclaim, finance overclaim, certification implication, recognition implication, provider endorsement, sponsor approval, public warning implication, emergency command implication, and correction path.

8.20.4(h) Where retrieval sources are corrected, reclassified, restricted, superseded, withdrawn, retracted, deleted, sealed, or archived, GCRI Canada shall update or restrict the retrieval system and review affected outputs and dependencies.

8.20.4(i) The controlling rule shall be that retrieval-augmented generation may improve access to evidence only where retrieval respects the same permissions, boundaries, source status, and correction duties as the underlying records.

***

8.20.5 Model Improvement Restrictions.\
8.20.5(a) GCRI Canada shall restrict model improvement uses of GCRI Canada materials, Nexus materials, public authority materials, personal information, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, confidential materials, finance-sensitive materials, commercially sensitive materials, controlled technology, export-controlled materials, sanctions-sensitive materials, and other restricted content.

8.20.5(b) Model improvement shall include vendor model improvement, product improvement, feedback learning, reinforcement learning from user feedback, evaluation-to-training loops, automated prompt optimization where retained by a provider, telemetry-based model improvement, safety fine-tuning, classifier improvement, retrieval improvement, embedding improvement, benchmark-to-training use, synthetic data generation for training, and any use by which submitted materials, prompts, outputs, corrections, ratings, annotations, logs, or interactions may improve a model or model service beyond the specific authorized workload.

8.20.5(c) No GCRI Canada material or Nexus material shall be made available for model improvement by any vendor, provider, sponsor, platform, public AI tool, cloud service, model service, analytics service, repository service, data room, collaboration platform, or other third party unless expressly authorized in a records-valid instrument and reviewed for legal, privacy, cybersecurity, sovereign data, protected knowledge, public authority, finance-boundary, provider-neutrality, sponsor non-control, and correction risks.

8.20.5(d) GCRI Canada shall prefer model-use configurations that disable vendor training, disable product improvement, disable retention beyond authorized purpose, disable unmanaged telemetry, restrict logging, restrict human vendor review, restrict subprocessors, restrict cross-border access, and preserve deletion, correction, and audit rights where appropriate.

8.20.5(e) Model improvement shall be prohibited where the material includes or may reveal personal information, rights-bearing data, health-sensitive data, public authority restricted data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, confidential source information, privileged materials, credentials, secrets, keys, tokens, controlled technology, export-controlled materials, sanctions-sensitive materials, or information not authorized for such use.

8.20.5(f) Model improvement shall not be used to encode sponsor narratives, provider claims, public authority positions, finance-facing interpretations, recognition-like signals, maturity-like signals, procurement preferences, market preferences, public warning signals, emergency-command signals, or execution-ready interpretations into model behavior.

8.20.5(g) Where unauthorized model improvement use is suspected or confirmed, GCRI Canada shall conduct incident review, vendor review where applicable, data impact review, model impact review, public-safe review, legal review where required, dependency review, correction, restriction, notice where required, and future-use controls.

8.20.5(h) The controlling rule shall be that model improvement is a separate use requiring separate authority because materials submitted for one evidence purpose must not silently improve models for another purpose.

***

8.20.6 Vendor AI Processing Restrictions.\
8.20.6(a) GCRI Canada shall restrict vendor AI processing of GCRI Canada materials, Nexus materials, public authority materials, personal information, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, community-protected data, Indigenous or protected knowledge, confidential materials, finance-sensitive materials, commercially sensitive materials, controlled technology, export-controlled materials, sanctions-sensitive materials, and other restricted content.

8.20.6(b) Vendor AI processing shall not occur unless the vendor, model service, cloud service, platform, API, repository system, analytics system, collaboration system, or other processing environment has been reviewed for authority, contractual terms, data use, training use, model improvement use, retention, deletion, subprocessors, cross-border access, support access, logging, security controls, privacy controls, sovereign data controls, protected knowledge safeguards, public authority restrictions, incident response, audit rights, and correction path.

8.20.6(c) Vendor terms shall be reviewed, where material, for rights to use submitted data, rights to use prompts, rights to use outputs, rights to use logs, model training rights, product improvement rights, human review rights, retention periods, deletion commitments, confidentiality, IP allocation, audit access, subprocessors, transfer locations, breach notification, security controls, and public authority access requests.

8.20.6(d) Vendor AI processing shall be prohibited where vendor terms, architecture, logging, retention, training use, support access, human review, cross-border transfer, subprocessors, or deletion limits are inconsistent with the data class, evidence class, public authority status, sovereign data status, protected knowledge status, confidentiality, public-safe status, or GCRI Canada’s public-benefit mandate.

8.20.6(e) Vendor AI outputs shall not be treated as institutionally valid merely because the vendor is reputable, enterprise-grade, public-sector-approved, certified elsewhere, technically advanced, sponsor-supported, provider-supplied, or widely used.

8.20.6(f) Vendor AI processing shall require output review where material and shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.20.6(g) Where vendor AI processing creates or contributes to unauthorized disclosure, unauthorized training, unauthorized model improvement, hallucination, false citation, source exposure, public-safe failure, public authority overclaim, finance overclaim, provider preference, sponsor validation, protected knowledge exposure, or correction failure, GCRI Canada shall restrict or suspend vendor use and remediate affected outputs.

8.20.6(h) The controlling rule shall be that vendor AI processing may be used only where vendor convenience is subordinated to data authority, public-safe controls, privacy, cybersecurity, sovereignty, protected knowledge, boundary discipline, and correctionability.

***

8.20.7 Public AI Tool Restrictions.\
8.20.7(a) GCRI Canada shall restrict or prohibit the use of public AI tools, consumer AI tools, unmanaged AI tools, unapproved AI assistants, public chat systems, public translation systems, public summarization systems, browser plug-ins, unapproved meeting transcription tools, unapproved code assistants, unapproved image or video generation tools, public embedding tools, public retrieval tools, and other unapproved AI systems for GCRI Canada materials or Nexus materials.

8.20.7(b) Public AI tools shall not be used to process, upload, paste, summarize, translate, classify, extract, embed, retrieve, train on, analyze, transform, visualize, or generate outputs from restricted materials, including personal information, public authority restricted data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, confidential materials, source-protected information, privileged materials, credentials, secrets, keys, tokens, controlled technology, export-controlled materials, sanctions-sensitive materials, or non-public GCRI Canada materials.

8.20.7(c) Public AI tools shall not be used for material outputs unless the tool is approved, the use is recorded, data inputs are permitted, retention and training settings are acceptable, public-safe status is reviewed, output review is performed where material, and the output is linked to source records, method records, limitations, and correction path.

8.20.7(d) Public AI tools shall not be used to create public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, Evidence Packs, Decision Packs, controlled annexes, public-safe reports, provider materials, sponsor materials, host materials, community-facing materials, or public claims except under approved AI-use controls and review.

8.20.7(e) Public AI tool outputs shall not be treated as evidence, source authority, legal interpretation, finance interpretation, public authority interpretation, technical validation, benchmark result, confidence score, public-safe classification, recognition, finance-readiness, certification, protocol effect, procurement status, rating, guarantee, warning, command, or execution-ready output by default.

8.20.7(f) Public AI tool restrictions shall include controls on browser extensions, automatic summarizers, meeting bots, transcription tools, email assistants, document copilots, code copilots, spreadsheet copilots, slide generators, design tools, image tools, video tools, audio tools, and mobile applications where they may ingest, retain, expose, or improve models using restricted materials.

8.20.7(g) Where public AI tool misuse is suspected or confirmed, GCRI Canada shall conduct incident review, data impact review, public-safe review, privacy review, cybersecurity review, legal review where required, vendor or platform review where possible, correction, notice where required, access restriction, training update, and downstream dependency review.

8.20.7(h) The controlling rule shall be that public AI tools are prohibited for restricted institutional materials unless specifically approved for the exact use, because unmanaged AI convenience creates uncontrolled data, source, model, and public-safe risk.

***

8.20.8 Deletion Pathways, Unlearning Limits, Embedding Store Controls, and Retrieval Source Review.\
8.20.8(a) GCRI Canada shall maintain deletion pathways, unlearning-limit records, embedding store controls, and retrieval source review for any authorized or suspected training, fine-tuning, embedding, retrieval, or model improvement use.

8.20.8(b) Deletion pathways shall identify how source materials, uploaded files, prompts, queries, logs, outputs, cached records, embeddings, indexes, temporary files, intermediate artifacts, fine-tuning files, evaluation files, vendor-held files, backups, archives, and derived artifacts may be deleted, sealed, restricted, or retained according to lawful basis, retention obligations, correctionability, and public-safe needs.

8.20.8(c) Unlearning-limit records shall identify whether and how a model can remove, suppress, isolate, deprecate, or stop using material previously used for training, fine-tuning, model improvement, embedding, retrieval, or evaluation, and shall identify limitations, residual risk, verification limits, vendor limits, time limits, and downstream output implications.

8.20.8(d) GCRI Canada shall not authorize training, fine-tuning, or model improvement with restricted materials where meaningful deletion, withdrawal, correction, or unlearning obligations cannot be satisfied or where residual model memory risk is incompatible with the material’s classification, permissions, public authority restrictions, protected knowledge obligations, privacy obligations, or public-safe status.

8.20.8(e) Embedding store controls shall include source inventory, ingestion approval, access controls, deletion controls, re-indexing controls, version controls, correction propagation, stale-source removal, withdrawn-source removal, retracted-source removal, restricted-source filtering, public-safe filtering, and retrieval audit.

8.20.8(f) Retrieval source review shall occur on schedule and upon material change, including new source, corrected source, reclassified source, restricted source, superseded source, withdrawn source, retracted source, deleted source, sealed source, new public-safe status, new access class, new output class, new audience, new incident, or new dependency.

8.20.8(g) Where deletion, unlearning, embedding store control, or retrieval source review reveals residual risk, GCRI Canada shall restrict affected systems, disable retrieval, re-index, delete, seal, quarantine, correct outputs, notify affected users where required, review dependencies, and update records.

8.20.8(h) The controlling rule shall be that model-connected records must remain removable, restrictable, re-indexable, reviewable, and correctable to the maximum extent lawful and technically feasible, and known unlearning limits must be treated as evidence risk.

***

8.20.9 Sensitive Prompt, Upload, Paste, Copy, and Side-Channel Controls.\
8.20.9(a) GCRI Canada shall maintain sensitive prompt, upload, paste, copy, screenshot, screen recording, export, download, transcription, translation, summarization, browser extension, plug-in, API, connector, clipboard, cache, autocomplete, telemetry, and side-channel controls for AI and model-connected systems.

8.20.9(b) Users shall not prompt, upload, paste, copy, attach, screenshot, screen-record, transcribe, translate, summarize, embed, retrieve, or otherwise submit restricted materials to AI systems unless the system, environment, model, workload, data class, purpose, access, retention, training-use status, model-improvement status, public-safe status, and correction path are approved for that material.

8.20.9(c) Sensitive prompt controls shall prohibit inclusion of credentials, secrets, keys, tokens, personal information, rights-bearing data, public authority restricted data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, confidential source information, privileged materials, controlled technology, export-controlled materials, sanctions-sensitive materials, or other restricted materials in unapproved AI prompts.

8.20.9(d) Upload and paste controls shall apply to documents, datasets, images, videos, audio, code, logs, telemetry, maps, dashboards, emails, meeting transcripts, chat exports, public authority materials, sponsor materials, provider materials, host materials, community materials, legal materials, finance-facing materials, and controlled annexes.

8.20.9(e) Side-channel controls shall address leakage through prompt history, browser history, clipboard managers, crash reports, telemetry, autocomplete, spellcheck, translation tools, file previews, link unfurling, meeting assistants, screen-sharing, screenshots, logs, analytics tools, support access, vendor human review, subprocessors, and unintended model context.

8.20.9(f) GCRI Canada shall provide training, labels, technical controls, default settings, access controls, approved-tool lists, prohibited-tool lists, public-safe templates, and incident pathways to prevent sensitive prompt, upload, paste, copy, and side-channel misuse.

8.20.9(g) Where sensitive prompt, upload, paste, copy, or side-channel misuse is suspected or confirmed, GCRI Canada shall preserve relevant records where safe, restrict affected access, rotate credentials where needed, assess data exposure, review outputs, correct records, notify affected interfaces where required, and update training or controls.

8.20.9(h) The controlling rule shall be that AI risk often begins before model output, at the moment sensitive material is pasted, uploaded, queried, copied, cached, or leaked through a side channel.

***

8.20.10 Records for Any Authorized Training, Fine-Tuning, Embedding, Retrieval, or Model Improvement Use.\
8.20.10(a) GCRI Canada shall maintain, or cause to be maintained, records for any authorized training, fine-tuning, embedding, retrieval, or model improvement use of GCRI Canada materials, Nexus materials, public authority materials, datasets, evidence records, model records, prompts, outputs, annotations, logs, corrections, or other institutional materials.

8.20.10(b) Such records shall identify use type, purpose, approving authority, requesting actor, owner, custodian, steward, dataset or corpus, source records, Dataset Cards, Model Register entries, Model Cards, System Cards where applicable, Compute Workload Records, Compute Environment Records, lawful basis, permissions, licenses, consent or non-consent treatment where applicable, public authority restrictions, community or Indigenous protocols where applicable, protected knowledge restrictions, data class, evidence class, access class, handling class, jurisdiction, transfer status, retention status, deletion path, unlearning limits, public-safe status, permitted use, prohibited use, reviewer, approval date, review cycle, and correction path.

8.20.10(c) Training records shall identify the model or model family affected, training corpus, training method, training environment, training provider, training date, training status, evaluation plan, output restrictions, model improvement limits, deletion limits, unlearning limits, and affected downstream model records.

8.20.10(d) Fine-tuning records shall identify base model, fine-tuned model, fine-tuning data, method, provider, environment, configuration, evaluation, permitted users, prohibited users, output classes, access controls, logging, human review, public-safe review, and retirement path.

8.20.10(e) Embedding records shall identify source corpus, embedding model, embedding store, ingestion date, update cadence, access controls, retrieval restrictions, deletion path, re-indexing path, correction propagation, public-safe status, and affected retrieval systems.

8.20.10(f) Retrieval records shall identify retrieval sources, query controls, access filters, classification filters, public-safe filters, source version handling, correction propagation, output review requirements, and dependency links.

8.20.10(g) Model improvement records shall identify vendor or internal improvement purpose, improvement method, materials used, logs used, feedback used, output use, retention status, training status, provider rights, opt-out or disablement status, deletion limits, unlearning limits, and future-use restrictions.

8.20.10(h) Records under this section shall be linked, where applicable, to Evidence Register entries, Dataset Register entries, Model Register entries, System Card entries, Benchmark Card entries, Compute Workload Records, Compute Environment Records, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.20.10(i) Authorized training, fine-tuning, embedding, retrieval, and model improvement records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.20.10(j) The controlling rule shall be that no model-connected use of institutional materials is legitimate unless the use, authority, corpus, model, environment, restrictions, deletion limits, review, and correction path are recorded.

### 8.21 Retrieval and Embedding Controls

8.21.1 Approved Retrieval Sources.\
8.21.1(a) GCRI Canada shall approve retrieval sources before they are used for material Nexus Truth Engine activities, Verifiable Intelligence, Verifiable Compute, Evidence Packs, Decision Packs, dashboards, maps, APIs, datasets, public-safe reports, controlled-room outputs, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, Nexus Grid inputs, Nexus Academy materials, public-good software, technical baselines, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, or public claims.

8.21.1(b) Approved retrieval sources may include Evidence Registers, Dataset Registers, Model Registers, Method Registers, Observability Registers, Ontology and Controlled Vocabulary Registers, Compute Workload Records, Compute Environment Records, Output Class Registers, Publication and Public-Safe Output Registers, Correction Registers, Dependency Registers, public-safe repositories, controlled-room repositories, public authority rooms, GRF interface records, GRA interface records, Protocol Authority interface records, Nexus interface records, provider records, sponsor records, host records, community records, public records, technical baselines, public-good software repositories, and other approved source repositories.

8.21.1(c) A retrieval source shall be approved only for recorded uses, audiences, data classes, evidence classes, output classes, access classes, handling classes, public-safe states, public authority-facing states, finance-facing states, provider-facing states, sponsor-facing states, host-facing states, community-facing states, and protected knowledge states.

8.21.1(d) Approval of a retrieval source shall identify source owner, custodian, steward, authority, source scope, corpus scope, source status, versioning, update cadence, source-lineage quality, permissions, access controls, retrieval controls, public-safe status, confidence posture, uncertainty posture, limitation posture, correction propagation, withdrawal propagation, retraction propagation, deletion propagation, and archive treatment.

8.21.1(e) Approval of a retrieval source shall not approve all records within that source for all uses. Individual records, datasets, evidence packs, controlled annexes, public authority materials, finance-facing materials, protected knowledge materials, or confidential materials shall remain subject to their own classification, access, handling, permitted-use, prohibited-use, and correction controls.

8.21.1(f) Retrieval source approval shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.21.1(g) Where a retrieval source becomes stale, misclassified, permission-defective, insecure, overbroad, unmonitored, misused, disputed, corrected, superseded, withdrawn, retracted, or no longer fit for purpose, GCRI Canada shall restrict, reclassify, re-index, suspend, retire, or remove the source and review affected outputs and dependencies.

8.21.1(h) The controlling rule shall be that retrieval sources must be approved because model-supported evidence can be no safer, more current, or more legitimate than the records from which it retrieves.

***

8.21.2 Prohibited Retrieval Sources.\
8.21.2(a) GCRI Canada shall prohibit retrieval from unauthorized, unclassified, unlogged, unmanaged, insecure, stale, unpermissioned, public-safe-defective, privacy-defective, cyber-defective, sovereign-data-defective, public authority-defective, protected-knowledge-defective, finance-boundary-defective, provider-neutrality-defective, sponsor-control-defective, or correction-defective sources.

8.21.2(b) Prohibited retrieval sources may include personal drives, unmanaged folders, personal email accounts, unapproved chat exports, unapproved public AI histories, unapproved meeting transcripts, uncontrolled public websites, unapproved web scrapes, unapproved vector stores, unapproved browser caches, unapproved ticket exports, unapproved repositories, unapproved data rooms, unapproved dashboards, unapproved maps, unapproved APIs, unreviewed sponsor materials, unreviewed provider materials, unreviewed public authority materials, unreviewed community materials, and sources lacking correction propagation.

8.21.2(c) Retrieval shall be prohibited from sources whose terms, licenses, permissions, consent or non-consent conditions, public authority restrictions, community protocols, Indigenous protocols, protected knowledge restrictions, confidentiality obligations, or data-sharing conditions do not authorize retrieval for the proposed purpose.

8.21.2(d) Retrieval shall be prohibited from sources that expose personal information, rights-bearing data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, confidential source information, privileged materials, credentials, secrets, keys, tokens, controlled technology, export-controlled materials, sanctions-sensitive materials, or other restricted materials to unauthorized users, models, systems, vendors, jurisdictions, or output classes.

8.21.2(e) Retrieval shall be prohibited from sources that cannot preserve source version, source status, correction status, supersession status, withdrawal status, retraction status where applicable, access class, handling class, public-safe status, permitted use, prohibited use, and limitation treatment at a level proportionate to risk.

8.21.2(f) Retrieval shall be prohibited where retrieval would collapse boundaries between public-good stack and enterprise stack, GCRI Canada and GRF, GCRI Canada and GRA, GCRI Canada and Protocol Authority, GCRI Canada and public authorities, GCRI Canada and National Companies, GCRI Canada and Project SPVs, GCRI Canada and providers, GCRI Canada and sponsors, or controlled-room and public-facing contexts.

8.21.2(g) Where prohibited retrieval has occurred or is suspected, GCRI Canada shall conduct incident review, restrict affected systems, disable affected sources, review retrieved outputs, reclassify or correct records, notify affected interfaces where required, and remediate affected dependencies.

8.21.2(h) The controlling rule shall be that prohibited retrieval sources must be excluded because unauthorized retrieval is a direct path to data leakage, source distortion, boundary collapse, and unsafe public claims.

***

8.21.3 Retrieval Source Classification, Authority, Currency, Reliability, and Public-Safe Status.\
8.21.3(a) GCRI Canada shall classify retrieval sources by authority, currency, reliability, public-safe status, access class, handling class, data class, evidence class, audience, output class, permitted use, prohibited use, and correction path.

8.21.3(b) Source authority classification shall identify whether the retrieval source is official or non-official, public or controlled, internal or external, primary or derived, source-of-record or reference copy, public authority-supplied, community-supplied, Indigenous or protected knowledge-derived, provider-supplied, sponsor-supplied, host-supplied, university-supplied, laboratory-supplied, model-generated, AI-generated, public-record-derived, or public-safe summary-derived.

8.21.3(c) Currency classification shall identify update cadence, last reviewed date, last indexed date, last corrected date, supersession status, withdrawal status, retraction status where applicable, stale status, archive status, and whether the retrieval source remains current for the proposed use.

8.21.3(d) Reliability classification shall identify source-lineage quality, provenance, custody, permission quality, completeness, known gaps, known errors, bias, review status, public-safe status, correction history, dispute history, and dependency quality.

8.21.3(e) Public-safe status shall identify whether retrieval may support public-safe outputs, controlled-room outputs, internal outputs, public authority learning outputs, GRF inputs, GRA inputs, Protocol Authority inputs, provider-facing outputs, sponsor-facing outputs, host-facing outputs, community-facing outputs, finance-facing outputs, Academy outputs, or public claims.

8.21.3(f) Retrieval classification shall distinguish between retrieval for finding records, retrieval for generating summaries, retrieval for answering questions, retrieval for classification, retrieval for scoring, retrieval for comparison, retrieval for public-safe drafting, retrieval for evidence pack assembly, retrieval for dashboard or map generation, and retrieval for correction workflows.

8.21.3(g) Where retrieval source classification is incomplete, ambiguous, disputed, stale, or inconsistent with the proposed use, retrieval shall be held, narrowed, restricted, or reviewed before use.

8.21.3(h) The controlling rule shall be that retrieval source classification must travel with retrieved content because content without authority, currency, reliability, and public-safe status is not safe evidence context.

***

8.21.4 Embedding Store Ownership, Custody, Access, Encryption, Logging, and Deletion.\
8.21.4(a) GCRI Canada shall maintain ownership, custody, access, encryption, logging, deletion, re-indexing, retention, correction, supersession, withdrawal, retraction, sealing, and archive controls for material embedding stores.

8.21.4(b) Each material embedding store shall identify store title or identifier, purpose, source corpus, source records, Dataset Cards, ingestion records, embedding model, embedding model version, vector store, owner, custodian, steward, provider where any, jurisdiction, compute environment, access class, handling class, public-safe status, restricted-material status, approved retrieval uses, prohibited retrieval uses, approved audiences, prohibited audiences, and correction path.

8.21.4(c) Access to embedding stores shall be role-based, purpose-bound, least-privilege, logged, monitored, revocable, and limited to approved systems, models, users, environments, workloads, output classes, and audiences.

8.21.4(d) Embedding stores containing or deriving from restricted materials shall use encryption, segmentation, isolation, access review, retrieval filters, deletion controls, re-indexing controls, export restrictions, cross-border controls, vendor controls, and monitoring proportionate to the sensitivity of the source corpus.

8.21.4(e) Embedding store logs shall identify ingestion events, source updates, source removals, re-indexing events, retrieval events where material, access events, administrative changes, export attempts, deletion events, correction propagation, incident events, and anomalous activity where lawful and proportionate.

8.21.4(f) Deletion and re-indexing shall be required where source records are corrected, reclassified, restricted, superseded, withdrawn, retracted, deleted, sealed, subject to consent withdrawal, subject to public authority restriction, subject to protected knowledge restriction, or otherwise no longer permitted for retrieval.

8.21.4(g) Embedding stores shall not be treated as public-safe, unrestricted, anonymized, or harmless merely because they contain vector representations rather than directly readable source text, images, logs, records, or files.

8.21.4(h) The controlling rule shall be that embedding stores are governed evidence infrastructure, not neutral indexes, and must be owned, controlled, logged, encrypted where appropriate, deletable, re-indexable, and correctionable.

***

8.21.5 Retrieval Leakage Risks.\
8.21.5(a) GCRI Canada shall identify and control retrieval leakage risks in model-supported systems, search systems, embedding systems, dashboards, maps, APIs, evidence assembly tools, public-safe publication tools, controlled-room systems, and public authority learning systems.

8.21.5(b) Retrieval leakage may include unauthorized retrieval, cross-classification retrieval, cross-room retrieval, cross-tenant retrieval, cross-program retrieval, cross-entity retrieval, cross-border retrieval, stale-source retrieval, withdrawn-source retrieval, retracted-source retrieval, sealed-source retrieval, privileged-source retrieval, protected-knowledge retrieval, public authority restricted retrieval, finance-sensitive retrieval, provider-sensitive retrieval, sponsor-sensitive retrieval, and source-protected retrieval.

8.21.5(c) Retrieval leakage may occur through prompts, queries, embeddings, vector similarity, metadata fields, autocomplete, semantic search, summaries, citations, snippets, cached results, model memory-like behavior, system logs, retrieval logs, API calls, browser extensions, connectors, dashboards, maps, exported files, or public-safe summaries.

8.21.5(d) GCRI Canada shall maintain retrieval filters, access controls, source classification controls, audience controls, public-safe filters, finance-boundary filters, public authority filters, protected knowledge filters, provider-neutrality filters, sponsor non-control filters, query controls, output review, and monitoring to prevent retrieval leakage.

8.21.5(e) Retrieval systems shall not expose restricted source titles, metadata, snippets, similarity matches, file paths, repository names, public authority identifiers, community identifiers, sensitive geographies, provider-sensitive details, sponsor-sensitive details, or protected knowledge markers where such exposure itself would create harm or unauthorized disclosure.

8.21.5(f) Where retrieval leakage is suspected or confirmed, GCRI Canada shall restrict affected retrieval sources, disable affected access, preserve logs where safe, assess exposure, review affected outputs, notify affected interfaces where required, correct records, re-index or delete embeddings where required, and update controls.

8.21.5(g) Retrieval leakage shall be treated as both a technical incident and an evidence-integrity incident where it may affect public-safe meaning, confidence, uncertainty, source protection, or downstream dependency.

8.21.5(h) The controlling rule shall be that retrieval leakage is dangerous because systems can reveal restricted truth fragments without formally publishing the underlying record.

***

8.21.6 Cross-Tenant, Cross-Program, Cross-Entity, and Cross-Border Retrieval Risks.\
8.21.6(a) GCRI Canada shall maintain controls for cross-tenant, cross-program, cross-entity, and cross-border retrieval risks in model-enabled, search-enabled, dashboard-enabled, map-enabled, API-enabled, repository-enabled, and public-good software systems.

8.21.6(b) Cross-tenant retrieval risk shall include the risk that one tenant, room, workspace, user group, external collaborator, provider, sponsor, host, public authority, National Company, Project SPV, community group, or Nexus entity retrieves material belonging to another without authority.

8.21.6(c) Cross-program retrieval risk shall include the risk that records from one program, pilot, working group, validation sprint, public authority learning room, GRF interface, GRA interface, Protocol Authority interface, Nexus Observatory activity, Nexus Rails handoff, Academy activity, or public-safe publication process are retrieved into another context without review.

8.21.6(d) Cross-entity retrieval risk shall include the risk that records are retrieved across GCRI Canada, GCRI US, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Nexus entities, National Consortiums, National Companies, Project SPVs, providers, sponsors, hosts, public authorities, universities, communities, or other actors in a manner that collapses legal separateness or role boundaries.

8.21.6(e) Cross-border retrieval risk shall include the risk that retrieval, embedding, indexing, caching, support access, model access, logs, snippets, summaries, or generated outputs cross jurisdictions or become accessible from outside the approved jurisdiction.

8.21.6(f) Controls shall include tenant isolation, program isolation, entity isolation, jurisdictional filters, role-based access, corpus partitioning, retrieval policy enforcement, source labels, metadata controls, cross-source review, restricted connector rules, output class filters, controlled-room boundaries, public-safe review, and monitoring.

8.21.6(g) Where cross-tenant, cross-program, cross-entity, or cross-border retrieval is necessary, it shall be expressly authorized, purpose-bound, logged, classified, reviewed, boundary-controlled, and correctionable.

8.21.6(h) Where cross-boundary retrieval occurs without authority, GCRI Canada shall treat the event as a data, evidence, privacy, cybersecurity, public authority, protected knowledge, legal separateness, and correction event requiring remediation proportionate to risk.

8.21.6(i) The controlling rule shall be that retrieval must respect institutional, programmatic, jurisdictional, and legal boundaries because semantic access can collapse separateness as surely as legal merger.

***

8.21.7 Retrieval Overreach, Context Collapse, and False Association Controls.\
8.21.7(a) GCRI Canada shall maintain controls against retrieval overreach, context collapse, and false association in model-enabled, search-enabled, evidence-routing, dashboard, map, API, public-safe publication, and public authority learning systems.

8.21.7(b) Retrieval overreach shall include retrieving more records, more sensitive records, more jurisdictions, more time periods, more entities, more programs, more public authority materials, more finance-facing materials, more provider materials, more sponsor materials, or more protected knowledge materials than the approved purpose requires.

8.21.7(c) Context collapse shall include combining records from different audiences, output classes, jurisdictions, technologies, communities, public authority contexts, finance contexts, provider contexts, sponsor contexts, time periods, confidence states, uncertainty states, dispute states, public-safe states, or legal statuses in a manner that makes them appear equivalent or mutually reinforcing.

8.21.7(d) False association shall include implying that two records, actors, technologies, public authorities, providers, sponsors, communities, projects, risks, incidents, datasets, models, benchmarks, or Nexus interfaces are connected, comparable, endorsed, recognized, finance-ready, protocol-effective, procurement-relevant, or execution-ready merely because retrieval presents them together.

8.21.7(e) Retrieval systems shall preserve source context, audience context, temporal context, jurisdictional context, public authority context, community context, protected knowledge context, finance-boundary context, provider-neutrality context, sponsor non-control context, confidence, uncertainty, limitations, and correction status in retrieved outputs where material.

8.21.7(f) GCRI Canada shall use query scoping, corpus scoping, metadata filters, context windows, source ranking controls, output review, citation review, limitation insertion, public-safe explanation, and human review where material to prevent retrieval overreach, context collapse, and false association.

8.21.7(g) Where retrieval overreach, context collapse, or false association affects a material output, GCRI Canada shall correct, reissue, restrict, downgrade, supersede, withdraw, retract, re-index, modify retrieval filters, or update training and controls as appropriate.

8.21.7(h) The controlling rule shall be that retrieval must preserve context because evidence brought together without context can create claims that no source actually supports.

***

8.21.8 Public Authority, Community, Indigenous, Protected Knowledge, and Confidential Material Retrieval Controls.\
8.21.8(a) GCRI Canada shall maintain heightened retrieval controls for public authority materials, community materials, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, protected knowledge, confidential materials, source-protected materials, privileged materials, and other trust-based or restricted materials.

8.21.8(b) Public authority material retrieval shall preserve capacity classification, official or non-official status, data-sharing authority, public authority restrictions, access limits, publication limits, agency reference controls, non-delegation language, non-endorsement language, non-warning language, non-procurement language, non-regulatory language, non-funding language, non-public-finance language, and correction path.

8.21.8(c) Community and Indigenous material retrieval shall preserve authority, consent or non-consent where applicable, community protocol, Indigenous protocol where applicable, cultural context, territorial context, protected knowledge restrictions, permitted use, prohibited use, public-safe limits, withdrawal or challenge pathways where applicable, and do-no-harm controls.

8.21.8(d) Confidential and source-protected material retrieval shall preserve confidentiality obligations, source protection, retaliation risk controls, access limits, quotation limits, summary limits, citation limits, export limits, public-safe limits, and legal or privilege controls where applicable.

8.21.8(e) Retrieval systems shall not retrieve, summarize, infer, expose, translate, map, visualize, embed, combine, or cite protected knowledge, community-sensitive material, public authority restricted material, or confidential material into public-safe, finance-facing, provider-facing, sponsor-facing, media-facing, or public outputs unless expressly authorized and public-safe reviewed.

8.21.8(f) Where retrieval is permitted for controlled-room or internal review, outputs shall remain within the approved audience and shall not be exported or summarized into broader audiences without reclassification, public-safe review, safeguards review, public authority review where applicable, and correction-path preservation.

8.21.8(g) Where retrieval controls fail for materials under this section, GCRI Canada shall restrict access, disable retrieval, preserve logs where safe, assess exposure, notify affected actors where required, correct outputs, re-index or delete embeddings where required, and update safeguards.

8.21.8(h) The controlling rule shall be that sensitive institutional and community trust materials require retrieval controls that preserve relationship, authority, confidentiality, context, safety, and correctionability.

***

8.21.9 Retrieval Evaluation and Monitoring.\
8.21.9(a) GCRI Canada shall evaluate and monitor material retrieval and embedding systems used in Nexus Truth Engine activities, Verifiable Intelligence, Verifiable Compute, evidence assembly, public-safe publication, dashboards, maps, APIs, Evidence Packs, Decision Packs, public authority learning, GRF inputs, GRA inputs, Protocol Authority support, Nexus Observatory outputs, Nexus Rails outputs, Nexus Grid inputs, Nexus Academy materials, and correction workflows.

8.21.9(b) Retrieval evaluation shall assess source relevance, source grounding, source authority, currency, reliability, version handling, correction propagation, access control, public-safe filtering, classification filtering, jurisdictional filtering, protected knowledge filtering, public authority filtering, finance-boundary filtering, provider-neutrality filtering, sponsor non-control filtering, and context preservation.

8.21.9(c) Retrieval evaluation shall include negative tests, adversarial tests, stale-source tests, withdrawn-source tests, retracted-source tests, restricted-source tests, sealed-source tests, cross-tenant tests, cross-program tests, cross-entity tests, cross-border tests, prompt-injection tests, false-association tests, and public-safe overclaim tests where material.

8.21.9(d) Monitoring shall identify unauthorized retrieval, low-relevance retrieval, unsupported source selection, stale retrieval, source hallucination, missing source context, retrieval leakage, cross-boundary retrieval, prompt-injection-driven retrieval, overbroad retrieval, public-safe failure, public authority overclaim, finance overclaim, provider preference, sponsor validation, protected knowledge exposure, and correction propagation failure.

8.21.9(e) Retrieval evaluation and monitoring shall be proportionate to output class, data class, evidence class, model use, public-safe status, public authority relevance, finance relevance, provider relevance, sponsor relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, and downstream dependency.

8.21.9(f) Where evaluation or monitoring identifies material retrieval weakness, GCRI Canada shall restrict sources, adjust retrieval filters, re-index embeddings, delete or seal embeddings, change ranking rules, update system prompts where applicable, require human review, restrict output classes, correct affected outputs, suspend retrieval, or retire the retrieval system as appropriate.

8.21.9(g) Retrieval evaluation and monitoring records shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.21.9(h) The controlling rule shall be that retrieval systems must be tested and monitored because the wrong source retrieved with confidence can produce a more dangerous error than no source at all.

***

8.21.10 Retrieval and Embedding Incident, Correction, and Retention Records.\
8.21.10(a) GCRI Canada shall maintain, or cause to be maintained, retrieval and embedding incident records, correction records, retention records, deletion records, sealing records, re-indexing records, supersession records, withdrawal records, retraction records where applicable, restriction records, and archive records for material retrieval and embedding systems.

8.21.10(b) Retrieval incident records shall identify incident title or identifier, system affected, retrieval source affected, embedding store affected where applicable, model affected, workload affected, output affected, source of detection, date, severity, incident type, data affected, evidence affected, public-safe effect, privacy effect, cybersecurity effect, sovereign data effect, public authority effect, finance effect, provider effect, sponsor effect, protected knowledge effect, community effect, affected dependencies, interim controls, response actions, notice decisions, and closeout requirements.

8.21.10(c) Embedding incident records shall identify unauthorized embedding, improper corpus ingestion, restricted-source ingestion, stale-source embedding, withdrawn-source embedding, retracted-source embedding, incorrect metadata, cross-tenant exposure, cross-border exposure, deletion failure, re-indexing failure, vector-store leakage, embedding inversion risk, source reconstruction risk, or correction propagation failure.

8.21.10(d) Correction records shall identify corrected source, corrected embedding, corrected retrieval rule, corrected filter, corrected index, corrected metadata, corrected output, prior status, corrected status, reason, reviewer, approving actor where applicable, effective date, affected workloads, affected outputs, affected dependencies, confidence effect, uncertainty effect, public-safe effect, boundary effect, notice decision, and archive treatment.

8.21.10(e) Retention records shall identify how long retrieval logs, query logs, embedding records, source indexes, vector stores, cached results, snippets, summaries, output context, and dependency records are retained, sealed, deleted, archived, or placed under legal hold.

8.21.10(f) Deletion and sealing records shall identify material removed or sealed, reason, source authority, legal basis where applicable, affected embeddings, affected retrieval sources, affected models, affected outputs, affected users, re-indexing status, residual risk, notice decision, and future-use restrictions.

8.21.10(g) Records under this section shall be linked, where applicable, to Dataset Register entries, Model Register entries, System Card entries, Compute Workload Records, Compute Environment Records, Evidence Register entries, Method Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.21.10(h) Retrieval and embedding incident, correction, and retention records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.21.10(i) The controlling rule shall be that retrieval and embedding systems must retain enough record to correct what they retrieved, indexed, exposed, summarized, or generated, while deleting, sealing, or restricting what must not continue to travel.

### 8.22 Inference Records

8.22.1 Inference Record Requirement for Material AI Outputs Affecting Evidence, Public Claims, Public Authority Materials, Publications, Docket / Grid Inputs, GRA Inputs, GRF Inputs, Protocol Authority Inputs, Dashboards, Maps, or Technical Baselines.\
8.22.1(a) GCRI Canada shall maintain, or cause to be maintained, Inference Records for material AI outputs that affect evidence records, source comparison, confidence scoring, uncertainty treatment, limitation statements, public-safe classification, public claims, public authority materials, publications, Docket inputs, Grid inputs, The Global Risks Alliance (GRA) inputs, The Global Risks Forum (GRF) inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, technical baselines, public-good software, Academy materials, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, or correction workflows.

8.22.1(b) An Inference Record shall be required where an AI system, model, retrieval-augmented generation system, embedding-supported system, agentic system, classifier, summarizer, translator, evaluator, routing tool, confidence tool, uncertainty tool, dashboard tool, map tool, public-safe drafting tool, or model-enabled workflow materially shapes an institutional output or a decision-supporting evidence artifact.

8.22.1(c) Inference Record requirements shall apply whether the output is generated by an internally hosted model, vendor model, public cloud model, private cloud model, sovereign cloud model, secure enclave model, confidential computing model, controlled-room model, public-good software model, open-source model, proprietary model, API-based model, local model, or model embedded in another technical system.

8.22.1(d) AI output shall not be treated as institutionally valid merely because it is fluent, cited, confident, reproducible, cryptographically logged, produced by an approved model, generated in an approved environment, reviewed by a vendor, produced from a public-safe source, or consistent with prior narrative.

8.22.1(e) Inference Records shall be proportionate to risk. Higher-record requirements shall apply where inference affects public-safe release, public authority interpretation, finance-facing interpretation, GRF input, GRA input, Protocol Authority input, provider-facing use, sponsor-facing use, community-facing use, protected knowledge treatment, dashboard or map meaning, public claims, or downstream dependency.

8.22.1(f) Where material AI output has been used without an Inference Record, GCRI Canada shall reconstruct the record where possible, identify affected outputs, assess source grounding, confidence, uncertainty, public-safe status, boundary risk, and downstream dependencies, and correct, restrict, supersede, withdraw, or archive affected outputs where required.

8.22.1(g) Inference Records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.22.1(h) The controlling rule shall be that material AI outputs must leave an institutional trace because unrecorded inference cannot be reviewed, challenged, corrected, bounded, or trusted as evidence support.

***

8.22.2 Input, Prompt, Query, Retrieval Context, Model, Version, Environment, User, Time, Data Sources, and Output Record.\
8.22.2(a) Each material Inference Record shall identify input, prompt, query, retrieval context, model, model version, system, system version, environment, user or actor, role, organization where applicable, authority, time, data sources, retrieved records, output, output version, output class, and correction path.

8.22.2(b) Input records shall identify input class, data class, evidence class, source records, dataset records where applicable, file references, structured data references, dashboard references, map references, API references, public authority materials, GRF materials, GRA materials, Protocol Authority materials, provider materials, sponsor materials, host materials, community materials, protected knowledge materials, and any restrictions applicable to the input.

8.22.2(c) Prompt and query records shall identify prompt or instruction category, query purpose, system instruction category where applicable, user instruction category where appropriate and safe, prompt version, query filters, ontology terms, controlled vocabulary terms, public-safe instructions, boundary instructions, prohibited-output instructions, and reviewer requirements.

8.22.2(d) Retrieval context records shall identify retrieval sources, retrieved record identifiers, record versions, source status, source authority, source classification, access class, handling class, public-safe status, supersession status, withdrawal status, retraction status where applicable, confidence context, uncertainty context, limitations, ranking method where material, excluded sources where material, and missing sources where material.

8.22.2(e) Model and environment records shall identify Model Register entry, Model Card, System Card where applicable, model version, deployment context, compute environment, Compute Workload Record where applicable, provider where any, jurisdiction, access mode, retrieval mode, embedding store where any, tool-use status where any, agentic status where any, logging status, and public-safe status.

8.22.2(f) User, actor, and time records shall identify the person, function, system, service account, workflow, or authorized actor initiating or using the inference, their role, capacity, access authority, conflict status where material, review status where material, inference date, inference time, time zone where material, and session or workload identifier where applicable.

8.22.2(g) Output records shall preserve output text, structured output, classification, labels, score, summary, translation, extraction, route, recommendation-like language where any, dashboard change, map change, API response, file output, code output, public-safe draft, technical baseline draft, correction draft, or other output produced by the inference where retention is lawful, safe, and proportionate.

8.22.2(h) Where full input, prompt, query, retrieval, or output recording would create privacy, cybersecurity, public authority, protected knowledge, privilege, source-protection, legal, or public-safe risk, GCRI Canada may use redacted, summarized, hashed, sealed, controlled, or access-restricted records sufficient to preserve auditability without unsafe exposure.

8.22.2(i) The controlling rule shall be that an Inference Record must identify what was asked, what was retrieved, what model answered, where it ran, who used it, when it occurred, what sources shaped it, and what output resulted.

***

8.22.3 Classification, Handling Class, Public-Safe Status, and Distribution Limits.\
8.22.3(a) Each material Inference Record shall identify classification, handling class, access class, public-safe status, controlled-room status where applicable, finance-safe status where material, public authority-facing status where material, GRF-facing status where material, GRA-facing status where material, Protocol Authority-facing status where material, provider-facing status where material, sponsor-facing status where material, host-facing status where material, community-facing status where material, protected knowledge status, and distribution limits.

8.22.3(b) Classification shall apply to the inference input, retrieved context, model output, output record, reviewer notes, logs, and any derived artifacts, and shall reflect the most protective classification required by the material included or inferred.

8.22.3(c) Handling class shall identify whether the inference may be stored, quoted, exported, copied, downloaded, embedded, indexed, retrieved, summarized, translated, included in dashboards, included in maps, used in APIs, used in public-safe outputs, used in public authority materials, used in finance-facing materials, used in GRF inputs, used in GRA inputs, used in Protocol Authority inputs, used in provider materials, used in sponsor materials, used in community-facing materials, or used in public claims.

8.22.3(d) Public-safe status shall identify whether the inference output is internal only, controlled only, public-safe eligible, public-safe approved, public-safe rejected, public-safe redaction required, public-safe aggregation required, responsible non-disclosure required, public-safe correction required, or public-safe withdrawn.

8.22.3(e) Distribution limits shall identify authorized recipients, prohibited recipients, approved rooms, prohibited rooms, approved interfaces, prohibited interfaces, export limits, citation limits, reproduction limits, AI re-use limits, training-use limits, embedding-use limits, retrieval-use limits, translation limits, publication limits, and retention limits.

8.22.3(f) Inference outputs containing or derived from personal information, rights-bearing data, public authority restricted data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, confidential source information, privileged materials, controlled technology, export-controlled materials, sanctions-sensitive materials, or other restricted materials shall be subject to heightened handling and distribution controls.

8.22.3(g) Where classification or distribution status is uncertain, GCRI Canada shall apply the more protective classification and narrower distribution until review supports broader use through proper record.

8.22.3(h) The controlling rule shall be that inference outputs inherit the restrictions of their inputs, retrieved sources, model context, and generated content, and may travel only within recorded handling and distribution limits.

***

8.22.4 Human Review and Reviewer Notes.\
8.22.4(a) GCRI Canada shall require human review for material inference outputs where AI output affects evidence meaning, public-safe classification, confidence, uncertainty, limitation statements, public authority interpretation, finance-facing interpretation, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, technical baselines, provider-facing materials, sponsor-facing materials, community-facing materials, protected knowledge treatment, public claims, or downstream dependency.

8.22.4(b) Human review shall identify reviewer role, reviewer authority, reviewer competence, access authority, review scope, review method, review date, conflict status, independence status where material, reviewed inputs, reviewed retrieval context, reviewed output, reviewed citations or sources, reviewed boundary language, reviewed confidence, reviewed uncertainty, reviewed limitations, and reviewer conclusion.

8.22.4(c) Reviewer notes shall identify, where material, source-grounding defects, missing sources, stale sources, unsupported claims, hallucinations, false citations, misclassifications, false precision, omitted uncertainty, omitted limitations, public-safe concerns, public authority overclaim, finance overclaim, certification implication, recognition implication, protocol implication, provider preference, sponsor validation, protected knowledge risk, privacy risk, cybersecurity risk, or correction requirements.

8.22.4(d) Reviewer notes may include approval, conditional approval, rejection, downgrade, qualification, reclassification, public-safe revision, controlled-room limitation, source correction, method correction, prompt correction, retrieval correction, model correction, dashboard correction, map correction, or output correction.

8.22.4(e) Human review shall not be a rubber stamp. A reviewer shall not approve inference output merely because the model is approved, the output is plausible, the wording is polished, the answer matches expectations, the source count is high, the output supports a desired narrative, or the output is sponsor-favorable, provider-favorable, finance-facing, public authority-friendly, or media-useful.

8.22.4(f) Reviewer notes involving sensitive personnel information, public authority restricted materials, protected knowledge, source-protected information, legal privilege, cybersecurity details, or high-consequence disputes shall be access-controlled and public-safe handled.

8.22.4(g) Human review shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.22.4(h) The controlling rule shall be that material AI inference requires human review where institutional meaning or public trust may be affected, and that review must itself be recorded and correctionable.

***

8.22.5 Confidence, Uncertainty, Limitations, and Known Risks.\
8.22.5(a) Each material Inference Record shall identify confidence, uncertainty, limitations, assumptions, proxies, gaps, inference chains, source constraints, model constraints, retrieval constraints, data constraints, public-safe constraints, and known risks material to the inference output.

8.22.5(b) Confidence treatment shall identify whether confidence arises from source quality, source authority, source independence, corroboration, method reliability, model evaluation, retrieval grounding, human review, reproducibility where appropriate, or other recorded basis.

8.22.5(c) Uncertainty treatment shall identify measurement uncertainty, model uncertainty, source uncertainty, temporal uncertainty, spatial uncertainty, contextual uncertainty, statistical uncertainty, operational uncertainty, legal uncertainty, public authority uncertainty, community uncertainty, protected knowledge uncertainty, finance-boundary uncertainty, provider-related uncertainty, sponsor-related uncertainty, and interpretive uncertainty where material.

8.22.5(d) Limitation statements shall identify model limitations, retrieval limitations, embedding limitations, prompt limitations, input limitations, source limitations, data limitations, method limitations, dashboard limitations, map limitations, public-safe limitations, translation limitations, jurisdictional limitations, audience limitations, and downstream-use limitations.

8.22.5(e) Known risks shall include hallucination risk, false citation risk, unsupported summary risk, overconfident classification risk, bias risk, drift risk, source omission risk, context collapse risk, false association risk, public authority overclaim risk, finance overclaim risk, provider preference risk, sponsor validation risk, protected knowledge exposure risk, privacy risk, cybersecurity risk, sovereign data risk, and public-safe misunderstanding risk.

8.22.5(f) Confidence shall not be recorded without uncertainty, and uncertainty shall not be recorded without sufficient context for interpretation. High confidence in retrieved evidence shall not erase uncertainty about scope, interpretation, public authority meaning, finance-facing meaning, provider meaning, sponsor meaning, future conditions, or downstream effect.

8.22.5(g) Where confidence, uncertainty, limitations, or known risks are not adequately identified, the inference output shall be held, downgraded, qualified, reclassified, restricted, rejected, corrected, or escalated before material use.

8.22.5(h) The controlling rule shall be that AI inference must carry confidence, uncertainty, limitations, and risk context because model output without these elements is institutional assertion, not verifiable evidence support.

***

8.22.6 Hallucination, Bias, Drift, Misclassification, Unsafe Output, and Boundary Risk Review.\
8.22.6(a) GCRI Canada shall review material inference outputs for hallucination, bias, drift, misclassification, unsafe output, false precision, source distortion, retrieval failure, protected knowledge exposure, privacy risk, cybersecurity risk, public authority overclaim, finance overclaim, provider preference, sponsor validation, certification implication, recognition implication, protocol implication, public warning implication, emergency-command implication, and execution implication.

8.22.6(b) Hallucination review shall assess whether the output fabricates sources, invents citations, misquotes records, misstates source status, fabricates facts, invents legal authority, invents public authority position, invents finance-readiness, invents GRF status, invents GRA status, invents Protocol Authority effect, or asserts unsupported Nexus compatibility.

8.22.6(c) Bias review shall assess whether the output reflects biased training data, biased retrieval, biased source selection, missing community context, missing Indigenous or protected knowledge context, provider influence, sponsor influence, public authority framing, media framing, language bias, geographic bias, protected group bias, or institutional preference.

8.22.6(d) Drift review shall assess whether model behavior, retrieval sources, embedding stores, data corpora, public authority context, legal context, provider context, sponsor context, community context, or public-safe status has changed in a manner affecting output reliability.

8.22.6(e) Misclassification review shall assess whether the output assigns incorrect data class, evidence class, public-safe status, access class, handling class, confidence, uncertainty, risk class, output class, public authority status, finance-facing status, provider-facing status, sponsor-facing status, protected knowledge status, or Nexus interface status.

8.22.6(f) Unsafe output review shall assess whether the output discloses or enables disclosure of personal information, rights-bearing data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, confidential source information, privileged material, credentials, secrets, keys, tokens, controlled technology, exploit details, or unsafe geospatial information.

8.22.6(g) Boundary risk review shall assess whether the output could be read as certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence.

8.22.6(h) Where review identifies hallucination, bias, drift, misclassification, unsafe output, or boundary risk, GCRI Canada shall reject, correct, qualify, downgrade, reclassify, restrict, rerun, revise prompts, revise retrieval, revise model use, require human review, suspend affected systems, withdraw outputs, or reissue corrected outputs as appropriate.

8.22.6(i) The controlling rule shall be that AI inference must be reviewed for the ways it can sound authoritative while being wrong, biased, stale, unsafe, misclassified, or boundary-inflating.

***

8.22.7 Output Use Status: Draft, Internal, Controlled, Public-Safe, Rejected, Corrected, Superseded, Withdrawn, or Archived.\
8.22.7(a) Each material Inference Record shall identify output use status, including draft, internal, controlled, controlled-room, public-safe eligible, public-safe approved, public-safe rejected, public authority-facing, GRF-facing, GRA-facing, Protocol Authority-facing, Observatory-facing, Rails-facing, Academy-facing, provider-facing, sponsor-facing, host-facing, community-facing, finance-facing, rejected, corrected, superseded, withdrawn, retracted where applicable, restricted, downgraded, suspended, reinstated, retired, or archived.

8.22.7(b) Draft status shall mean the inference output is not approved for reliance, external circulation, public-safe release, public authority use, finance-facing use, GRF input, GRA input, Protocol Authority input, provider use, sponsor use, public claim, dashboard publication, map publication, or technical baseline use unless reclassified and reviewed.

8.22.7(c) Internal status shall mean the inference output may be used only within approved internal evidence, method, review, correction, or governance processes and shall not be externally circulated without reclassification.

8.22.7(d) Controlled status shall mean the inference output may be used only within approved controlled-room, secure collaboration, clean-room, data-room, public authority room, finance-safe room, safeguards room, cyber room, protected knowledge room, or equivalent restricted context.

8.22.7(e) Public-safe status shall mean the inference output has been reviewed for public-safe release within a recorded scope, audience, confidence, uncertainty, limitations, classification, redaction, aggregation, public authority boundary, finance boundary, provider-neutrality boundary, sponsor non-control boundary, protected knowledge safeguards, and correction path.

8.22.7(f) Rejected status shall mean the inference output shall not be used for material institutional purposes except as a record of model behavior, review, testing, incident analysis, correction, or training.

8.22.7(g) Corrected, superseded, withdrawn, retracted, retired, or archived status shall identify the prior output, replacement output where any, correction basis, effective date, prohibited continued use, permitted archive use, affected dependencies, notice decision, and future retrieval limits.

8.22.7(h) Output use status shall travel with the inference output wherever it is stored, retrieved, summarized, cited, exported, used in Evidence Packs, Decision Packs, dashboards, maps, reports, APIs, public-safe materials, public authority materials, GRF inputs, GRA inputs, Protocol Authority support, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, media materials, or public claims.

8.22.7(i) The controlling rule shall be that AI output has no institutional meaning apart from its use status, because the same text may be a draft, a rejected artifact, a controlled record, or a public-safe output depending on review and classification.

***

8.22.8 Inference Record Retention, Deletion, Sealing, and Legal Hold.\
8.22.8(a) GCRI Canada shall maintain retention, deletion, sealing, archival, and legal hold treatment for Inference Records, inputs, prompts where applicable, queries, retrieval context, retrieved records, embeddings where applicable, model outputs, reviewer notes, logs, public-safe notes, correction records, and dependency records.

8.22.8(b) Retention shall be proportionate to evidence integrity, correctionability, auditability, legal obligations, privacy obligations, cybersecurity obligations, public authority restrictions, sovereign data obligations, protected knowledge obligations, community safeguards, confidentiality, privilege, IP obligations, contractual obligations, public-benefit purpose, and downstream dependency.

8.22.8(c) Deletion shall be used where inference inputs, prompts, queries, retrieved snippets, logs, outputs, temporary files, cached materials, or derived artifacts no longer have lawful, necessary, proportionate, safe, or mission-compatible basis for retention, subject to legal hold, archival requirements, evidence integrity, and correctionability obligations.

8.22.8(d) Sealing shall be used where Inference Records must be preserved but access must be restricted due to privacy, cybersecurity, public authority restriction, sovereign data, protected knowledge, community safety, source protection, legal sensitivity, privilege, commercial sensitivity, finance sensitivity, controlled technology, export-control, sanctions, investigation, dispute, or public-safe risk.

8.22.8(e) Legal hold shall apply where litigation, investigation, public authority process, contractual dispute, governance review, audit review, incident review, privacy request, cybersecurity incident, protected knowledge concern, public authority concern, finance-boundary concern, public claim dispute, or other legal or institutional requirement requires preservation.

8.22.8(f) Inference Record retention shall not be used to retain restricted data, prompts, retrieved context, embeddings, or model outputs beyond lawful and necessary limits merely because retention is convenient, technically automatic, vendor-default, audit-friendly, model-improvement-useful, sponsor-useful, provider-useful, finance-facing useful, or publication-useful.

8.22.8(g) Deletion, sealing, or archival shall not be used to conceal error, suppress correction, avoid accountability, erase model failure, protect sponsor comfort, protect provider comfort, protect public authority comfort, preserve finance-facing usefulness, avoid public-safe correction, or destroy institutional memory.

8.22.8(h) Where Inference Records are deleted, sealed, archived, or placed under legal hold, affected dependency records, retrieval systems, embedding stores, output records, and correction paths shall be updated.

8.22.8(i) The controlling rule shall be that Inference Records must be retained, deleted, sealed, archived, or held according to lawful purpose, safety, auditability, correctionability, and institutional memory, not convenience or concealment.

***

8.22.9 Inference Correction and Re-Issue.\
8.22.9(a) GCRI Canada shall correct and, where appropriate, reissue material inference outputs and Inference Records that are inaccurate, incomplete, misleading, stale, misclassified, overclaimed, source-defective, retrieval-defective, prompt-defective, model-defective, data-defective, method-defective, confidence-defective, uncertainty-defective, limitation-defective, public-safe defective, public authority-defective, finance-boundary defective, provider-neutrality defective, sponsor-control defective, protected-knowledge defective, privacy-defective, cyber-defective, sovereign-data-defective, or no longer fit for purpose.

8.22.9(b) Inference correction may include source correction, retrieval correction, embedding correction, prompt correction, query correction, model correction, system correction, data correction, method correction, confidence change, uncertainty change, limitation revision, classification change, access restriction, output rejection, output relabeling, boundary-language revision, downgrade, suspension, reinstatement, supersession, withdrawal, retraction, archive update, training update, method update, or system update.

8.22.9(c) Re-issue shall be used where corrected inference output can safely and lawfully replace a prior output. Re-issued inference outputs shall identify, where appropriate, prior output, corrected output, correction basis, effective date, scope of change, continuing limitations, revised confidence, revised uncertainty, revised public-safe status, revised boundary language, permitted use, prohibited use, affected dependencies, and archive link to prior versions.

8.22.9(d) Controlled re-issue shall be used where corrected inference output may be released only to authorized recipients, rooms, interfaces, public authorities, GRF, GRA, Protocol Authority, providers, sponsors, hosts, communities, or other controlled audiences. Controlled re-issue shall preserve access restrictions, confidentiality, public authority restrictions, finance-sensitive restrictions, protected knowledge safeguards, source protection, and correction path.

8.22.9(e) Public-safe re-issue shall be used where corrected inference output replaces a prior public-safe output, public dashboard, public map, public report, public-safe summary, public-good software documentation, technical baseline summary, Academy material, media material, or public claim.

8.22.9(f) Where an inference output has been used to imply public warning, emergency command, public authority decision, finance-readiness, investment advice, certification, recognition, protocol effect, procurement approval, provider endorsement, sponsor approval, rating, guarantee, operational clearance, legal status, or execution consequence, GCRI Canada shall consider public-safe correction notice, controlled notice, withdrawal, retraction, removal of misleading references, interface suspension, or legal action where appropriate.

8.22.9(g) Re-issued inference outputs shall not be represented as certified, recognized, finance-ready, public-authority-approved, procurement-approved, provider-endorsed, sponsor-approved, protocol-effective, operationally cleared, guaranteed, official, final, risk-free, or execution-ready merely because they have been corrected and reissued.

8.22.9(h) Inference correction and re-issue records shall be linked, where applicable, to Model Register entries, System Card entries, Dataset Register entries, Retrieval and Embedding Records, Compute Workload Records, Evidence Register entries, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.22.9(i) The controlling rule shall be that AI inference remains institutionally usable only where wrong, unsafe, stale, overclaimed, or misclassified output can be corrected and reissued without erasing the record of what changed.

***

8.22.10 Inference Register and Audit Sampling.\
8.22.10(a) GCRI Canada shall maintain, or cause to be maintained, an Inference Register for material AI outputs and shall maintain audit sampling for Inference Records proportionate to model risk, data class, evidence class, output class, public-safe status, public authority relevance, finance relevance, GRF relevance, GRA relevance, Protocol Authority relevance, provider relevance, sponsor relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, public claims risk, and downstream dependency.

8.22.10(b) The Inference Register shall identify inference title or identifier, model, model version, system, system version, workload, environment, user or actor, date, purpose, input class, retrieval sources where applicable, output class, output use status, classification, access class, handling class, public-safe status, confidence, uncertainty, limitations, human review status, reviewer where applicable, correction path, supersession path, withdrawal path, retraction path where applicable, retention status, archive path, and dependency links.

8.22.10(c) The Inference Register shall distinguish draft inferences, internal inferences, controlled inferences, public-safe inferences, public authority-facing inferences, GRF-facing inferences, GRA-facing inferences, Protocol Authority-facing inferences, Observatory-facing inferences, Rails-facing inferences, Academy-facing inferences, provider-facing inferences, sponsor-facing inferences, host-facing inferences, community-facing inferences, rejected inferences, corrected inferences, superseded inferences, withdrawn inferences, retracted inferences, restricted inferences, sealed inferences, retired inferences, and archived inferences.

8.22.10(d) Audit sampling may review whether Inference Records correctly identify inputs, prompts, queries, retrieval context, model version, environment, user, source grounding, classification, handling class, public-safe status, distribution limits, human review, confidence, uncertainty, limitations, hallucination risk, bias risk, drift risk, misclassification risk, unsafe output risk, boundary risk, output use status, correction history, and dependency links.

8.22.10(e) Audit sampling shall prioritize high-consequence inferences, public-safe inferences, public authority-facing inferences, finance-facing inferences, GRF inputs, GRA inputs, Protocol Authority inputs, dashboard inferences, map inferences, technical baseline inferences, public-good software inferences, provider-facing inferences, sponsor-facing inferences, protected knowledge inferences, community-facing inferences, public claims, corrected inferences, disputed inferences, and inferences generated by higher-risk models or systems.

8.22.10(f) Audit findings may require model restriction, system restriction, retrieval correction, embedding correction, prompt revision, query revision, output correction, public-safe correction, human review update, training update, method update, access control change, logging change, monitoring change, dependency review, Board or committee reporting, or independent review where appropriate.

8.22.10(g) The Inference Register and audit sampling shall be linked, where applicable, to the Model Register, System Card Register, Dataset Register, Retrieval and Embedding Records, Compute Workload Register, Evidence Register, Method Register, Output Class Register, Publication and Public-Safe Output Register, Correction Register, Dependency Register, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.22.10(h) The Inference Register and audit sampling shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.22.10(i) The controlling rule shall be that inference governance requires a register and sampling discipline because AI outputs are too easily reused, copied, summarized, and relied upon without remembering their source, limits, review status, and correction path.

### 8.23 Human Review for Material AI Outputs

8.23.1 Human Review as Requirement for Material AI Outputs.\
8.23.1(a) GCRI Canada shall require human review for material AI outputs where such outputs materially affect evidence meaning, source comparison, confidence, uncertainty, limitation treatment, public-safe classification, public authority materials, finance-facing materials, The Global Risks Forum (GRF) inputs, The Global Risks Alliance (GRA) inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, Nexus Grid inputs, Nexus Academy materials, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, technical baselines, public-good software, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, public claims, or correction workflows.

8.23.1(b) Human review shall be required where an AI output is used to draft, summarize, classify, translate, compare, score, route, visualize, infer, extract, cite, evaluate, correct, publish, or otherwise shape any institutional output that may be relied upon by internal reviewers, public authorities, GRF, GRA, Protocol Authority, Nexus entities, providers, sponsors, hosts, communities, universities, National Companies, Project SPVs, capital readers, media actors, or the public.

8.23.1(c) Human review shall not be optional merely because the model is approved, the model is high-performing, the system is registered, the inference is logged, the source corpus is approved, the output appears plausible, the output is fluent, the output includes citations, the output is consistent with prior drafts, the output is produced in an approved environment, or the output is time-sensitive.

8.23.1(d) Human review shall be proportionate to the output’s risk, including data class, evidence class, output class, public-safe status, public authority relevance, finance relevance, GRF relevance, GRA relevance, Protocol Authority relevance, provider relevance, sponsor relevance, protected knowledge relevance, community relevance, privacy risk, cybersecurity risk, sovereign data risk, legal risk, controlled-technology risk, and downstream dependency.

8.23.1(e) Human review may be lightweight for low-risk internal drafting or non-material administrative use, provided that no such output shall be used as evidence, public-safe material, public authority material, finance-facing material, GRF input, GRA input, Protocol Authority input, dashboard, map, technical baseline, public claim, or correction record unless reviewed at the level required for that use.

8.23.1(f) Human review shall not convert AI output into certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.23.1(g) Where material AI output has been used without required human review, GCRI Canada shall identify affected outputs, classify the defect, restrict or hold affected outputs where appropriate, complete review where possible, correct or supersede the output where required, and update affected dependency records.

8.23.1(h) The controlling rule shall be that material AI output shall not become institutional evidence or public-good intelligence unless a qualified human review pathway has tested its source grounding, limits, boundaries, safety, and correctionability.

***

8.23.2 Qualified Reviewer Requirement.\
8.23.2(a) Human review of material AI outputs shall be conducted by a qualified reviewer or reviewer group with recorded competence, role authority, access authority, subject-matter familiarity, institutional boundary awareness, conflict status, and review scope appropriate to the output.

8.23.2(b) Reviewer qualification shall be assessed by reference to the review purpose, including evidence review, source-lineage review, method review, model review, public-safe review, privacy review, cybersecurity review, sovereign data review, safeguards review, Indigenous or protected knowledge review, public authority boundary review, finance boundary review, provider-neutrality review, sponsor non-control review, legal review, competition review, interface review, technical review, or publication review.

8.23.2(c) A reviewer shall not be treated as qualified merely because the reviewer is senior, available, involved in the project, technically fluent, familiar with AI, affiliated with a prestigious institution, employed by a provider, supported by a sponsor, present in a public authority room, or aligned with a desired output.

8.23.2(d) Where a material AI output crosses multiple domains, GCRI Canada may require layered review, including technical reviewer, evidence reviewer, public-safe reviewer, legal or boundary reviewer, public authority reviewer where appropriate, finance-boundary reviewer where appropriate, safeguards reviewer where appropriate, and Board or committee review where high-consequence risk requires.

8.23.2(e) Reviewers shall have access only to the materials required for their review and shall remain bound by access class, handling class, confidentiality, privacy, cybersecurity, sovereign data, public authority, protected knowledge, public-safe, finance-boundary, provider-neutrality, sponsor non-control, and correction controls.

8.23.2(f) Where no qualified reviewer is available, the AI output shall be held, restricted, classified as draft, routed to a qualified reviewer, converted into controlled-room review, narrowed in scope, or refused for material use until adequate review can be completed.

8.23.2(g) Reviewer qualification shall not create professional advice, public authority decision, certification, recognition, finance-readiness, protocol effect, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, operational clearance, or execution consequence by default.

8.23.2(h) The controlling rule shall be that human review is meaningful only when the reviewer is qualified for the evidence, domain, audience, boundary, and risk being reviewed.

***

8.23.3 Review for Evidence Accuracy.\
8.23.3(a) Human review for material AI outputs shall assess evidence accuracy, including whether the AI output accurately states facts, faithfully summarizes sources, correctly identifies evidence status, preserves source context, distinguishes evidence from inference, distinguishes facts from assumptions, and avoids unsupported conclusions.

8.23.3(b) Evidence accuracy review shall examine whether the output misstates, omits, exaggerates, compresses, mistranslates, misattributes, misclassifies, overgeneralizes, or falsely reconciles the underlying evidence.

8.23.3(c) Review shall assess whether the output introduces fabricated facts, unsupported causal claims, unsupported trend claims, unsupported legal meaning, unsupported finance meaning, unsupported public authority meaning, unsupported recognition meaning, unsupported certification meaning, unsupported protocol meaning, unsupported provider meaning, unsupported sponsor meaning, or unsupported execution meaning.

8.23.3(d) Where the AI output summarizes multiple sources, the reviewer shall assess whether the output preserves material differences, conflicts, time periods, jurisdictions, community context, public authority context, provider context, sponsor context, confidence states, uncertainty states, limitation states, and correction status.

8.23.3(e) Where the AI output produces classifications, labels, scores, routes, risk statements, resilience statements, maturity-context language, readiness-context language, public-safe summaries, dashboards, maps, or technical baseline language, the reviewer shall assess whether such outputs are supported by recorded evidence and do not imply greater authority than the record permits.

8.23.3(f) Evidence accuracy review shall not approve an output because it is useful, concise, polished, persuasive, convenient, sponsor-favorable, provider-favorable, finance-facing, public authority-friendly, media-useful, or consistent with institutional narrative if the evidence record does not support the output.

8.23.3(g) Where evidence accuracy defects are found, the reviewer shall require correction, source re-check, method review, confidence downgrade, uncertainty revision, limitation revision, reclassification, restriction, rejection, supersession, withdrawal, or reissue as appropriate.

8.23.3(h) The controlling rule shall be that AI output must be judged against the evidence record, not against plausibility, fluency, usefulness, or institutional preference.

***

8.23.4 Review for Source Lineage and Citability.\
8.23.4(a) Human review for material AI outputs shall assess source lineage and citability, including whether claims are traceable to identified sources, source records, dataset records, method records, model records, inference records, retrieval records, output records, or other records-valid evidence.

8.23.4(b) Source-lineage review shall identify whether the AI output uses primary sources, derived sources, summarized sources, AI-generated sources, model-generated sources, public authority sources, community sources, Indigenous or protected knowledge sources, provider sources, sponsor sources, host sources, university or laboratory sources, public records, historical records, or public-safe summaries, and whether such use is appropriate for the claim.

8.23.4(c) Citability review shall assess whether cited sources actually support the cited statement, whether citations are current, whether citations are to the correct version, whether the source is superseded, withdrawn, retracted, disputed, restricted, public-safe, or controlled, and whether citation would expose restricted material or create misleading authority.

8.23.4(d) AI-generated citations, retrieved snippets, file names, repository names, public authority references, quoted passages, links, or summaries shall not be accepted without review where they materially support an output.

8.23.4(e) Where an AI output relies on a source that is not citable publicly because of privacy, cybersecurity, public authority restriction, sovereign data, protected knowledge, source protection, confidentiality, legal sensitivity, commercial sensitivity, finance sensitivity, controlled technology, export-control, sanctions, or public-safe limits, the reviewer shall determine whether to use a controlled citation, public-safe paraphrase, responsible non-disclosure, controlled annex, or no-publication treatment.

8.23.4(f) Review shall distinguish source existence from source support. A source shall not be treated as supporting a claim merely because it contains related words, appears in retrieval, is authoritative in another context, is cited by an AI system, or is associated with the same project, technology, public authority, provider, sponsor, or Nexus interface.

8.23.4(g) Where source lineage or citability is defective, the output shall be corrected, rejected, held, downgraded, re-sourced, reclassified, restricted, or routed to additional review before material use.

8.23.4(h) The controlling rule shall be that material AI output must be source-lined because claims that cannot be traced cannot be corrected, defended, or safely published.

***

8.23.5 Review for Confidence, Uncertainty, and Limitation Treatment.\
8.23.5(a) Human review for material AI outputs shall assess whether confidence, uncertainty, and limitations are accurately identified, appropriately paired, sufficiently explained, and proportionate to the evidence record, model use, output class, audience, and downstream risk.

8.23.5(b) Confidence review shall assess whether confidence language is supported by source quality, corroboration, timeliness, calibration, completeness, independence, reproducibility, review status, method reliability, model evaluation, retrieval grounding, and context.

8.23.5(c) Uncertainty review shall assess whether the output identifies material measurement, model, source, temporal, spatial, contextual, statistical, operational, legal, public authority, community, protected knowledge, finance-boundary, provider-related, sponsor-related, and interpretive uncertainty where applicable.

8.23.5(d) Limitation review shall assess whether the output states or links to source limitations, method limitations, data limitations, model limitations, AI limitations, retrieval limitations, embedding limitations, dashboard limitations, map limitations, digital twin limitations, simulation limitations, public-safe limitations, jurisdictional limitations, audience limitations, and downstream-use limitations.

8.23.5(e) Review shall identify false precision, including unsupported numeric certainty, misleading rankings, unexplained scores, overconfident labels, dashboard colors, map symbols, benchmark comparisons, risk indicators, resilience indicators, maturity-context signals, readiness-context signals, or AI-generated conclusions that appear more exact than the record supports.

8.23.5(f) Confidence shall not be approved without uncertainty, and uncertainty shall not be approved without interpretive context. High confidence in a narrow evidence statement shall not be allowed to migrate into broad public authority, finance, recognition, certification, provider, sponsor, protocol, or execution meaning.

8.23.5(g) Where confidence, uncertainty, or limitation treatment is defective, the reviewer shall require revision, downgrade, qualification, public-safe explanation, controlled-room treatment, reclassification, restriction, or rejection before material use.

8.23.5(h) The controlling rule shall be that reviewed AI output must show not only what it says, but how strongly it can be said, what remains uncertain, and where its meaning stops.

***

8.23.6 Review for Public-Safe Publication.\
8.23.6(a) Human review for public-safe publication shall be required before material AI outputs are released externally, published publicly, included in public-safe reports, public dashboards, public maps, public websites, public repositories, public-good software documentation, technical baseline summaries, Academy materials, media materials, event materials, public-safe correction notices, or public claims.

8.23.6(b) Public-safe review shall assess whether the output discloses or enables disclosure of personal information, rights-bearing data, health-sensitive data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, finance-sensitive information, community-protected information, Indigenous or protected knowledge, confidential source information, privileged material, credentials, secrets, keys, tokens, controlled technology, exploit details, unsafe geospatial information, commercial sensitivity, or other restricted material.

8.23.6(c) Public-safe review shall assess title, framing, headings, labels, tables, charts, dashboards, maps, colors, icons, scores, summaries, citations, captions, metadata, file names, repository descriptions, public authority references, provider references, sponsor acknowledgments, Nexus references, social summaries, media snippets, and third-party quotation risk.

8.23.6(d) Public-safe review shall ensure that public output includes or links to appropriate confidence, uncertainty, limitations, public-safe omissions, responsible non-disclosure basis where material, permitted use, prohibited use, boundary language, correction path, supersession path, withdrawal path, and retraction path where applicable.

8.23.6(e) Public-safe review shall assess whether simplification, translation, localization, visualization, summarization, or AI-generated explanation removes material caveats or creates misleading certainty, public warning implication, emergency-command implication, public authority implication, finance implication, certification implication, recognition implication, protocol implication, provider preference, sponsor validation, or execution implication.

8.23.6(f) Where full information cannot safely be published, the reviewer may require redaction, aggregation, generalization, safe-location treatment, controlled annex, public-safe summary, delayed publication, restricted distribution, responsible non-disclosure, or no-publication treatment.

8.23.6(g) Public-safe approval shall be limited to the specific output, version, audience, publication channel, public-safe status, boundary language, and correction path reviewed. It shall not approve future reuse, translation, excerpting, summarization, media use, dashboard reuse, map reuse, sponsor use, provider use, finance-facing use, public authority use, or third-party public claim by default.

8.23.6(h) The controlling rule shall be that public-safe publication review must prevent the public release of both unsafe information and unsafe meaning.

***

8.23.7 Review for Public Authority Boundary.\
8.23.7(a) Human review for material AI outputs shall assess public authority boundary where the output involves public authority data, public authority participation, regulator-listening context, emergency-management context, public finance context, procurement context, public health context, public-sector systems, official records, public authority learning materials, public authority rooms, agency references, jurisdictional references, public warning-adjacent topics, or public-law-sensitive matters.

8.23.7(b) Public authority boundary review shall assess whether the output could be misread as official guidance, public authority decision, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public health order, public safety directive, compliance determination, enforcement position, safe harbor, permit, license, public adoption, sovereign obligation, or delegated public power.

8.23.7(c) Review shall assess whether public authority attendance, participation, data contribution, comments, quotations, logos, titles, photographs, agency references, regulator-listening presence, public finance presence, emergency-management presence, or public authority room participation are described in a manner that implies endorsement, adoption, approval, delegation, procurement relevance, funding relevance, public warning, or official status.

8.23.7(d) AI outputs prepared for public authority learning shall include appropriate public authority capacity classification, non-delegation language, non-endorsement language, non-regulatory language, non-procurement language, non-funding language, non-public-finance language, non-warning language, non-emergency-command language, confidence, uncertainty, limitations, and correction path.

8.23.7(e) Where a competent public authority uses an AI-supported GCRI Canada output in its own lawful process, the output shall preserve the distinction between GCRI Canada evidence support and the public authority’s independent action, duties, records, and accountability.

8.23.7(f) Public authority boundary review shall not suppress accurate evidence merely because evidence may be uncomfortable to a public authority, but it shall prevent GCRI Canada from becoming or appearing to become the public authority.

8.23.7(g) Where public authority boundary risk is identified, the reviewer shall require correction, revised boundary language, reclassification, controlled-room treatment, public-safe revision, removal of misleading public authority references, restriction, withdrawal, reissue, or notice to affected public authority interfaces where appropriate.

8.23.7(h) The controlling rule shall be that AI-supported public authority materials must support public learning without creating public power.

***

8.23.8 Review for Finance-Readiness Boundary.\
8.23.8(a) Human review for material AI outputs shall assess finance-readiness boundary where the output may be used in finance-facing materials, GRA inputs, capital-reader literacy materials, Proof Pack components, RNFD inputs, NFD inputs, UNFSD inputs, insurance-readiness inputs, Rails handoffs, National Company materials, Project SPV materials, sponsor materials, provider materials, host materials, public finance materials, lending materials, insurance materials, investment materials, or capital-reader rooms.

8.23.8(b) Finance-boundary review shall assess whether the output could be misread as finance-readiness, capital-readiness, insurance-readiness, investment advice, securities recommendation, brokerage, placement, finder activity, lending decision, underwriting decision, insurance approval, insurance placement, rating, guarantee, public finance approval, capital commitment, bankability, fundability, credit quality, insurance quality, investment quality, or financial suitability.

8.23.8(c) Review shall assess whether confidence scores, risk indicators, resilience indicators, readiness-context language, host readiness evidence, node evidence, Proof Pack components, dashboards, maps, benchmark results, technical baselines, or AI-generated summaries are framed in a manner that could create financial reliance beyond GCRI Canada’s role.

8.23.8(d) AI outputs prepared for GRA or finance-facing interfaces shall include no-advice language, no-solicitation language, no-rating language, no-guarantee language, no-public-finance-approval language, no-capital-commitment language, confidence, uncertainty, limitations, permitted use, prohibited use, and correction path where material.

8.23.8(e) Finance-boundary review shall assess whether the output uses terms such as “investment-ready,” “bankable,” “fundable,” “insured,” “underwritten,” “rated,” “guaranteed,” “approved,” “capital-ready,” “finance-ready,” or similar language in a way that exceeds recorded authority.

8.23.8(f) Finance-boundary review shall not suppress accurate technical evidence merely because it may be useful to capital readers, but it shall prevent GCRI Canada from producing or appearing to produce financial advice, ratings, guarantees, approvals, or capital consequences.

8.23.8(g) Where finance-boundary risk is identified, the reviewer shall require correction, revised boundary language, reclassification, controlled-room treatment, finance-safe revision, removal of misleading finance language, restriction, withdrawal, reissue, or notice to affected GRA or finance-facing interfaces where appropriate.

8.23.8(h) The controlling rule shall be that AI-supported finance-facing material may support capital literacy and evidence discipline, but it shall not become finance-readiness, investment advice, rating, guarantee, or financial approval.

***

8.23.9 Review for Recognition, Certification, Protocol Authority, Procurement, Provider, Sponsor, and Execution Boundary.\
8.23.9(a) Human review for material AI outputs shall assess recognition, certification, Protocol Authority, procurement, provider, sponsor, host, National Company, Project SPV, market, and execution boundary risks.

8.23.9(b) Recognition-boundary review shall assess whether the output could be misread as GRF recognition, standing, maturity record, claims approval, stakeholder formation, public-facing legitimacy, registry status, public-safe reporting status, or public claim approval.

8.23.9(c) Certification-boundary review shall assess whether the output could be misread as technical certification, safety certification, security certification, compliance certification, professional certification, Nexus-compatible status, conformance determination, approval, validated status, verified status, maturity status, readiness status, operational clearance, or legal status.

8.23.9(d) Protocol Authority review shall assess whether the output could be misread as protocol effect, role key, smart license, entitlement state, proof-receipt legal effect, external force, conformance result, standards approval, technical validity status, or Protocol Authority decision by default.

8.23.9(e) Procurement and provider review shall assess whether the output could create procurement decision, vendor award, preferred vendor status, public tender advantage, provider ranking, provider endorsement, provider superiority claim, market allocation, or purchasing recommendation.

8.23.9(f) Sponsor and host review shall assess whether the output could imply sponsor approval, sponsor control, outcome purchase, publication influence, public authority access purchase, provider access purchase, host control, host approval, institutional capture, or public-good stack drift.

8.23.9(g) Execution-boundary review shall assess whether the output could create or imply National Company authority, Project SPV authority, operational control, infrastructure operation, deployment instruction, contracting authority, financing authority, public authority action, emergency command, market consequence, or execution consequence.

8.23.9(h) Where any boundary risk under this section is identified, the reviewer shall require revised language, controlled vocabulary correction, boundary language, reclassification, restricted release, interface-specific use limits, removal of badges or status language, correction, withdrawal, retraction, or notice to affected interfaces as appropriate.

8.23.9(i) The controlling rule shall be that AI outputs shall not collapse institutional boundaries by using fluent language that sounds like recognition, certification, protocol authority, procurement preference, provider endorsement, sponsor approval, or execution readiness.

***

8.23.10 Review for Privacy, Data Rights, Cybersecurity, Sovereign Data, Protected Knowledge, and Safeguards.\
8.23.10(a) Human review for material AI outputs shall assess privacy, data rights, cybersecurity, sovereign data, public authority restrictions, protected knowledge, community safeguards, Indigenous safeguards, source protection, confidentiality, legal sensitivity, controlled technology, export-control, sanctions, and do-no-harm obligations where applicable.

8.23.10(b) Privacy and data-rights review shall assess whether the output contains, reveals, infers, links to, re-identifies, profiles, exposes, or enables misuse of personal information, rights-bearing data, location data, health-sensitive data, small-group identifiable data, behavioral data, metadata, or protected participant information.

8.23.10(c) Cybersecurity review shall assess whether the output discloses or enables misuse of credentials, secrets, keys, tokens, vulnerabilities, exploit details, security controls, infrastructure topology, cyber logs, incident evidence, malware indicators, attack patterns, repository details, API details, or other cyber-sensitive information.

8.23.10(d) Sovereign data review shall assess whether the output respects data residency, localization, cross-border transfer limits, compute-to-data restrictions, public authority data controls, national data infrastructure requirements, Indigenous data considerations, community data safeguards, and jurisdictional access limits.

8.23.10(e) Protected knowledge and safeguards review shall assess whether the output exposes, extracts, erases, misattributes, decontextualizes, commodifies, maps, summarizes, translates, models, or publicizes Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, traditional ecological knowledge, sensitive-site information, protected knowledge, community vulnerability information, confidential community inputs, or knowledge shared under trust conditions.

8.23.10(f) Source protection review shall assess whether the output exposes confidential sources, whistleblowers, protected participants, vulnerable persons, affected communities, public officials in sensitive contexts, field participants, or persons exposed to retaliation.

8.23.10(g) Where privacy, data rights, cybersecurity, sovereign data, protected knowledge, or safeguards risk is identified, the reviewer shall require redaction, aggregation, generalization, safe-location treatment, controlled-room treatment, sealing, no-publication treatment, access restriction, revised output, correction, withdrawal, notice, or escalation as appropriate.

8.23.10(h) The controlling rule shall be that AI outputs shall not be reviewed only for correctness; they must also be reviewed for whether correctness would create harm if released, retrieved, inferred, or reused.

***

8.23.11 Reviewer Independence, Conflict Disclosure, and Recusal.\
8.23.11(a) GCRI Canada shall require reviewer independence, conflict disclosure, and recusal where material AI output review may be affected by financial interest, sponsor relationship, provider relationship, host relationship, public authority relationship, capital-reader relationship, National Company relationship, Project SPV relationship, university relationship, personal interest, reputational interest, publication interest, authorship interest, prior involvement, advocacy position, or other conflict.

8.23.11(b) Reviewer independence shall be proportionate to risk. Outputs affecting public-safe publication, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider comparisons, sponsor-supported outputs, benchmarks, public claims, high-consequence uncertainty, protected knowledge, privacy, cybersecurity, sovereign data, or major correction may require independent, layered, committee, officer, Board, or external review.

8.23.11(c) Reviewers shall disclose actual, potential, and perceived conflicts before or during review, including relationships to sponsors, providers, hosts, funders, donors, public authorities, capital readers, National Companies, Project SPVs, communities, universities, vendors, model providers, dataset providers, benchmark subjects, or public claims affected by the output.

8.23.11(d) A reviewer shall recuse where the reviewer cannot provide impartial review, lacks required independence, has a direct material interest, is reviewing their own contested output without independent oversight, is subject to sponsor or provider pressure, is involved in an unresolved dispute, or is otherwise unable to preserve GCRI Canada’s public-benefit duties.

8.23.11(e) Recusal shall not be used to avoid difficult review, suppress dissent, delay correction, protect sponsors, protect providers, avoid public authority discomfort, preserve finance-facing usefulness, or prevent public-safe publication where proper independent review is available.

8.23.11(f) Where reviewer conflict is managed rather than requiring recusal, the record shall identify the conflict, mitigation, reason recusal was not required, additional reviewers where any, scope limits, and approval authority.

8.23.11(g) Reviewer independence and conflict records shall not be used to harass, retaliate against, exclude, or discredit reviewers or challengers acting in good faith.

8.23.11(h) The controlling rule shall be that AI output review must be independent enough to protect evidence from institutional preference, sponsor influence, provider influence, public authority pressure, finance pressure, and author bias.

***

8.23.12 Human Review Records and Reviewer Accountability.\
8.23.12(a) GCRI Canada shall maintain, or cause to be maintained, Human Review Records for material AI outputs and related reviewer accountability records proportionate to output risk.

8.23.12(b) Human Review Records shall identify output title or identifier, inference record, model, system, dataset, retrieval source, output class, output use status, evidence question, review purpose, reviewer, reviewer role, reviewer authority, reviewer competence, access authority, conflict status, review date, review scope, materials reviewed, sources checked, confidence reviewed, uncertainty reviewed, limitations reviewed, public-safe status reviewed, boundary language reviewed, defects identified, corrections required, approval status, conditions, dissent where any, escalation pathway, and closeout status.

8.23.12(c) Reviewer accountability shall require reviewers to act in good faith, within competence, within authority, with appropriate independence, with attention to evidence, source lineage, confidence, uncertainty, limitations, public-safe status, privacy, cybersecurity, sovereign data, protected knowledge, public authority boundary, finance boundary, provider neutrality, sponsor non-control, role separation, and correctionability.

8.23.12(d) Human Review Records shall distinguish approval, conditional approval, rejection, correction required, additional source review required, additional method review required, additional model review required, public-safe review required, legal review required, privacy review required, cybersecurity review required, safeguards review required, public authority boundary review required, finance boundary review required, committee escalation, officer escalation, Board escalation, and independent review required.

8.23.12(e) Human Review Records shall be linked, where applicable, to Inference Records, Model Register entries, System Card entries, Dataset Register entries, Retrieval and Embedding Records, Compute Workload Records, Evidence Register entries, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.23.12(f) Where a reviewed AI output is later corrected, challenged, reclassified, restricted, downgraded, superseded, withdrawn, retracted, or archived, the Human Review Record shall be reviewed to determine whether reviewer guidance, training, methods, model controls, retrieval controls, public-safe controls, or boundary controls require update.

8.23.12(g) Human Review Records and reviewer accountability shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.23.12(h) The controlling rule shall be that human review must itself be recorded, accountable, and correctionable because unrecorded review cannot protect against model error, institutional overclaim, unsafe publication, or boundary drift.

### 8.24 Agentic AI Controls

8.24.1 Agentic AI as High-Control Technology Surface.\
8.24.1(a) GCRI Canada shall treat agentic AI, autonomous or semi-autonomous model workflows, tool-using AI systems, AI systems capable of planning, sequencing, invoking tools, accessing repositories, querying systems, modifying files, communicating externally, moving data, executing code, generating publications, or triggering downstream workflows as a high-control technology surface within GCRI Canada’s evidence, methods, Verifiable Compute, Verifiable Intelligence, Nexus Truth Engine, Nexus Observatory, public-good software, open technical baseline, public-safe publication, and correction architecture.

8.24.1(b) Agentic AI shall mean any AI-enabled system, model, workflow, assistant, script, orchestration layer, software agent, multi-agent system, retrieval agent, coding agent, research agent, publication agent, dashboard agent, map agent, repository agent, data-processing agent, monitoring agent, correction agent, or interface agent that can perform or propose actions beyond single-turn passive output generation.

8.24.1(c) Agentic AI shall be governed more restrictively than non-agentic AI where the system may access tools, invoke APIs, retrieve records, move data, modify repositories, execute code, alter dashboards, alter maps, alter datasets, trigger publication, send messages, open tickets, create records, delete records, route materials, affect permissions, affect credentials, or interact with external actors.

8.24.1(d) Agentic AI shall not be used in any material GCRI Canada context unless the agent’s purpose, model identity, system identity, tool permissions, data access, retrieval sources, memory status where applicable, environment, approved actions, prohibited actions, human approval gates, logs, monitoring, suspension path, incident path, correction path, and retirement path are recorded.

8.24.1(e) Agentic AI shall be subject to heightened review where it may affect personal information, rights-bearing data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, community-protected data, Indigenous or protected knowledge, confidential source information, privileged materials, controlled technology, export-controlled materials, sanctions-sensitive materials, public-safe outputs, finance-facing materials, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, repositories, technical baselines, public-good software, or public claims.

8.24.1(f) Agentic AI shall not be treated as safe merely because the underlying model is registered, the system is approved, the agent is sandboxed, tool calls are logged, outputs are fluent, the workflow is efficient, the provider is reputable, the sponsor supports the tool, or the agent has performed correctly in prior cases.

8.24.1(g) Agentic AI shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, contractual obligation, or execution consequence by default.

8.24.1(h) The controlling rule shall be that agentic AI is a high-control surface because an AI system that can act, route, alter, publish, communicate, delete, or execute can create institutional consequences even when no human intended such consequences.

***

8.24.2 Tool Permission Mapping.\
8.24.2(a) GCRI Canada shall maintain tool permission mapping for any material agentic AI system used by or on behalf of GCRI Canada.

8.24.2(b) Tool permission mapping shall identify each tool, connector, API, repository, database, dashboard, map, data room, controlled room, model service, compute environment, code execution environment, messaging system, publication system, ticketing system, file system, identity system, access-management system, logging system, deletion system, or external service that the agent may access or invoke.

8.24.2(c) For each tool, the permission map shall identify permitted actions, prohibited actions, read permissions, write permissions, execution permissions, export permissions, deletion permissions, publication permissions, communication permissions, administrative permissions, credential permissions, approval requirements, rate limits where applicable, logging requirements, monitoring requirements, and suspension path.

8.24.2(d) Tool permissions shall be role-based, purpose-bound, least-privilege, time-bound where appropriate, environment-bound, workload-bound, audience-bound, and output-class-bound.

8.24.2(e) Tool permission mapping shall distinguish view-only access, retrieval access, summarization access, classification access, draft-generation access, code-suggestion access, code-execution access, repository-write access, dashboard-edit access, map-edit access, dataset-edit access, publication-access, external-message access, deletion access, credential access, administrative access, and escalation access.

8.24.2(f) Agentic AI shall not receive broad, inherited, default, personal-account, administrator, owner, root, organization-wide, cross-tenant, cross-program, cross-entity, cross-border, public-authority-facing, finance-facing, provider-facing, sponsor-facing, or controlled-room access unless expressly recorded, justified, time-limited where appropriate, monitored, and subject to human approval gates.

8.24.2(g) Where tool permission mapping is incomplete, stale, overbroad, ambiguous, unreviewed, inconsistent with data classification, inconsistent with public-safe status, inconsistent with public authority restrictions, inconsistent with finance boundaries, inconsistent with protected knowledge safeguards, or inconsistent with GCRI Canada’s non-execution mandate, agentic use shall be held, restricted, reconfigured, or refused.

8.24.2(h) The controlling rule shall be that an agent may do only what its tool map expressly permits, and any tool not mapped, authorized, logged, bounded, and correctable shall be unavailable to the agent.

***

8.24.3 Prohibited Agentic Actions.\
8.24.3(a) GCRI Canada shall prohibit agentic AI from taking, initiating, completing, approving, or representing any action outside recorded authority, outside tool permission mapping, outside approved workload scope, outside approved environment, outside approved data class, outside approved output class, outside approved audience, or outside GCRI Canada’s non-executing mandate.

8.24.3(b) Prohibited agentic actions shall include issuing public warnings, emergency commands, evacuation instructions, public safety directives, public authority decisions, regulatory interpretations, enforcement positions, procurement decisions, provider selections, finance-readiness determinations, investment recommendations, insurance approvals, ratings, guarantees, certifications, recognitions, Protocol Authority effects, operational clearances, legal conclusions, medical conclusions, professional advice, public claims, contractual commitments, or execution instructions.

8.24.3(c) Agentic AI shall not sign contracts, accept terms, submit bids, approve purchase orders, commit funds, issue invoices, make grants, initiate payments, approve reimbursements, bind GCRI Canada to obligations, open or close regulated accounts, make securities or insurance representations, create capital-reader commitments, or create public finance implications.

8.24.3(d) Agentic AI shall not contact public authorities, regulators, emergency-management actors, public finance actors, procurement actors, community representatives, Indigenous institutions, protected knowledge holders, providers, sponsors, hosts, capital readers, media actors, National Companies, Project SPVs, GRF, GRA, Protocol Authority, or Nexus entities externally unless the communication is human-approved, recorded, boundary-reviewed, and within permitted scope.

8.24.3(e) Agentic AI shall not publish, post, email, distribute, release, expose, upload, export, quote, cite, summarize externally, alter public websites, alter public dashboards, alter public maps, alter public repositories, or issue public-safe materials without required human approval and output-class review.

8.24.3(f) Agentic AI shall not delete, seal, archive, overwrite, reclassify, withdraw, retract, supersede, rotate credentials, change permissions, modify identity controls, alter logs, modify audit trails, change retention settings, change legal holds, or alter correction records except through approved, logged, human-gated workflows.

8.24.3(g) Agentic AI shall not bypass access controls, scrape prohibited sources, use unmanaged public AI tools, ingest restricted materials into unapproved models, perform unauthorized embeddings, conduct unauthorized training or fine-tuning, move data across jurisdictions without approval, or retrieve across controlled-room, public authority, finance, provider, sponsor, community, protected knowledge, or entity boundaries without express permission.

8.24.3(h) Agentic AI shall not self-expand its tools, self-grant permissions, self-modify its authority, self-approve outputs, self-certify completion, self-resolve boundary concerns, self-waive human review, self-disable monitoring, self-delete logs, or self-retire incident records.

8.24.3(i) The controlling rule shall be that agentic AI may assist bounded evidence work but shall never act as an institutional officer, public authority, financial actor, certifier, recognizer, protocol actor, procurement actor, emergency actor, legal actor, or execution actor.

***

8.24.4 Approval Gates for External Communication, Publication, Data Movement, Code Execution, Repository Changes, Contractual Acts, Public Authority Contact, Financial References, Security Changes, and Deletion.\
8.24.4(a) GCRI Canada shall maintain approval gates for agentic AI actions involving external communication, publication, data movement, code execution, repository changes, contractual acts, public authority contact, financial references, security changes, deletion, sealing, archiving, reclassification, withdrawal, retraction, credential changes, permission changes, dashboard changes, map changes, API changes, dataset changes, and technical baseline changes.

8.24.4(b) External communication gates shall require recorded human approval before an agent sends, posts, replies, transmits, schedules, files, uploads, or otherwise communicates externally on behalf of GCRI Canada or in a manner reasonably associated with GCRI Canada.

8.24.4(c) Publication gates shall require output-class review, public-safe review, source-lineage review, confidence and uncertainty review, limitation review, public authority boundary review where material, finance-boundary review where material, provider-neutrality review where material, sponsor non-control review where material, safeguards review where material, and correction-path review before release.

8.24.4(d) Data movement gates shall require review of data class, evidence class, lawful basis, permissions, public authority restrictions, privacy, cybersecurity, sovereign data, localization, cross-border transfer, protected knowledge, community safeguards, source protection, public-safe status, retention, deletion, and dependency effects.

8.24.4(e) Code execution and repository-change gates shall require technical review, security review, environment review, dependency review, secrets review, test review, rollback path, audit logging, and reviewer approval proportionate to the system affected.

8.24.4(f) Contractual, financial, procurement, and public authority reference gates shall require human approval and legal or boundary review where material, and no agent shall complete or imply any contractual, financial, procurement, or public authority act by default.

8.24.4(g) Security-change gates shall apply to identity controls, access controls, keys, tokens, secrets, credentials, repository permissions, cloud permissions, controlled-room permissions, data-room permissions, logging settings, monitoring settings, encryption settings, backup settings, and incident controls.

8.24.4(h) Deletion, sealing, archiving, reclassification, withdrawal, retraction, and correction gates shall require preservation of source lineage, version history, audit history, dependency links, legal hold status, retention obligations, notice decisions, and archive treatment.

8.24.4(i) Approval gates shall be logged and shall identify the agent, proposed action, approving human, review basis, affected records, affected systems, affected data, affected outputs, risks reviewed, conditions, execution status, and correction path.

8.24.4(j) The controlling rule shall be that any agentic action capable of changing external meaning, legal exposure, public-safe status, data location, code state, security posture, public authority meaning, finance meaning, or institutional memory requires a human gate before action.

***

8.24.5 Kill Switches, Suspension Powers, and Emergency Disablement.\
8.24.5(a) GCRI Canada shall maintain kill switches, suspension powers, emergency disablement procedures, access-revocation procedures, tool-revocation procedures, environment-quarantine procedures, credential-rotation procedures, and containment pathways for material agentic AI systems.

8.24.5(b) Kill switches shall permit authorized human actors to immediately stop agent execution, revoke tool access, suspend workflows, disable external communications, block publication, halt code execution, freeze repository writes, stop data movement, disable retrieval sources, disable embedding stores, disconnect APIs, restrict dashboards, restrict maps, and preserve logs where safe.

8.24.5(c) Suspension powers may be exercised where an agent acts outside scope, attempts prohibited action, retrieves restricted material, creates unsafe output, produces public authority overclaim, produces finance overclaim, creates provider preference, validates sponsor influence, exposes protected knowledge, leaks data, executes unsafe code, changes repositories improperly, moves data improperly, deletes records improperly, bypasses review, disables logs, or otherwise creates material risk.

8.24.5(d) Emergency disablement may be exercised before full review where delay would create privacy risk, cybersecurity risk, sovereign data risk, protected knowledge risk, public authority confusion, finance overclaim, public-safe harm, infrastructure exposure, credential compromise, source exposure, repository compromise, public claim risk, or execution drift.

8.24.5(e) Kill switch and suspension authority shall identify authorized actors, triggering conditions, notification path, logging requirements, preservation requirements, temporary controls, review timeline, reinstatement conditions, and closeout requirements.

8.24.5(f) Emergency disablement shall not be used to suppress legitimate challenge, hide error, avoid correction, protect sponsors, protect providers, avoid public authority discomfort, preserve finance-facing usefulness, conceal institutional misconduct, or prevent public-safe disclosure where proper review supports disclosure.

8.24.5(g) Reinstatement after suspension or emergency disablement shall require review of incident records, logs, tool permissions, data access, model behavior, retrieval behavior, output review, human approval gates, affected dependencies, corrected controls, residual risk, and approval authority.

8.24.5(h) The controlling rule shall be that every material agentic AI system must be stoppable by humans because no autonomous workflow may be allowed to outrun evidence integrity, safeguards, cybersecurity, privacy, sovereignty, public-safe publication, or institutional authority.

***

8.24.6 Agent Logs, Tool Logs, Memory Logs Where Applicable, and Action Logs.\
8.24.6(a) GCRI Canada shall maintain, or cause to be maintained, agent logs, tool logs, memory logs where applicable, action logs, approval logs, exception logs, incident logs, correction logs, suspension logs, and retirement logs for material agentic AI systems.

8.24.6(b) Agent logs shall identify agent title or identifier, model, system, version, purpose, workload, environment, user or initiating actor, role, time, session, inputs, retrieved context, planned steps where material, executed steps, skipped steps where material, output, status, and correction path.

8.24.6(c) Tool logs shall identify each tool invoked, permission used, action requested, action approved where applicable, action executed, data accessed, records retrieved, files changed, code executed, repository modified, message drafted, message sent, publication attempted, API called, dashboard changed, map changed, credential accessed, deletion attempted, and result.

8.24.6(d) Memory logs, where applicable, shall identify memory function, memory scope, memory source, memory content class, memory creation date, memory update date, memory access, memory use, retention period, deletion path, correction path, public-safe status, prohibited memory classes, and restrictions on personal information, public authority material, protected knowledge, confidential materials, credentials, secrets, and other restricted content.

8.24.6(e) Action logs shall distinguish proposed actions, human-approved actions, automatically executed actions, blocked actions, failed actions, reversed actions, corrected actions, escalated actions, suspended actions, and prohibited-action attempts.

8.24.6(f) Logs shall be sufficient to reconstruct material agentic behavior, determine whether permissions were followed, identify affected records and systems, review public-safe implications, assess data movement, detect unsafe tool use, investigate incidents, correct outputs, and preserve institutional memory.

8.24.6(g) Logs shall be access-controlled and shall not retain restricted material beyond lawful, necessary, proportionate, secure, and mission-compatible limits. Where full logs create privacy, cybersecurity, protected knowledge, public authority, privilege, source-protection, or public-safe risk, GCRI Canada may use redacted, summarized, hashed, sealed, or controlled logs.

8.24.6(h) Agent logs, tool logs, memory logs, and action logs shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.24.6(i) The controlling rule shall be that an agent’s institutional footprint must be logged because unlogged agent action cannot be audited, corrected, contained, or trusted.

***

8.24.7 Sandboxing, Least Privilege, Segmentation, and Monitoring.\
8.24.7(a) GCRI Canada shall apply sandboxing, least privilege, segmentation, isolation, rate limiting where appropriate, monitoring, alerting, output review, and human approval gates to material agentic AI systems.

8.24.7(b) Sandboxing shall confine agentic AI to approved environments, approved tools, approved repositories, approved datasets, approved retrieval sources, approved APIs, approved code execution contexts, approved output classes, approved audiences, and approved action classes.

8.24.7(c) Least privilege shall limit agents to the minimum permissions necessary for the approved purpose and shall prohibit inherited human permissions, default administrator permissions, broad organization-wide permissions, uncontrolled repository write permissions, uncontrolled deletion permissions, uncontrolled export permissions, uncontrolled external communication permissions, and uncontrolled security-change permissions.

8.24.7(d) Segmentation shall separate agent access across programs, tenants, entities, public authority rooms, finance-facing rooms, GRF interfaces, GRA interfaces, Protocol Authority interfaces, controlled rooms, public-safe repositories, provider materials, sponsor materials, host materials, community materials, protected knowledge materials, experimental environments, and production environments.

8.24.7(e) Isolation shall prevent agents from moving data, code, outputs, prompts, retrieval context, embeddings, credentials, logs, or generated files between environments or audiences unless expressly authorized through recorded gates.

8.24.7(f) Monitoring shall identify prohibited-action attempts, permission escalation attempts, unusual retrieval, unsafe tool calls, unauthorized code execution, unexpected external communication, unauthorized data movement, unsafe publication, deletion attempts, credential access, boundary overclaim, public authority overclaim, finance overclaim, provider preference, sponsor validation, public-safe failure, protected knowledge exposure, and security anomalies.

8.24.7(g) Agentic AI shall be tested through negative tests, adversarial tests, boundary tests, retrieval tests, tool-permission tests, public-safe tests, deletion tests, repository-change tests, communication tests, and kill-switch tests proportionate to risk.

8.24.7(h) Where sandboxing, least privilege, segmentation, isolation, or monitoring is inadequate, agentic AI use shall be restricted, suspended, redesigned, reconfigured, or refused.

8.24.7(i) The controlling rule shall be that agentic AI must operate inside constrained, monitored, least-privilege environments because uncontrolled agency converts tool access into institutional risk.

***

8.24.8 No Agentic Authority to Bind GCRI Canada.\
8.24.8(a) No agentic AI system shall have authority to bind GCRI Canada, create legal obligations, make representations on behalf of GCRI Canada, commit GCRI Canada to a position, approve a public claim, approve a public-safe output, approve a public authority communication, approve a finance-facing communication, approve a provider-facing communication, approve a sponsor-facing communication, or create institutional commitments by default.

8.24.8(b) Agentic AI shall not be treated as a director, officer, employee, authorized signatory, legal representative, agent at law, procurement officer, finance officer, public authority liaison, certification officer, recognition officer, Protocol Authority officer, public warning officer, emergency commander, contracting officer, repository owner, data owner, or public spokesperson.

8.24.8(c) AI-generated messages, drafts, emails, filings, repository changes, publication drafts, dashboard changes, map changes, public-safe summaries, technical baseline drafts, Evidence Pack components, Decision Pack components, public authority materials, GRF materials, GRA materials, Protocol Authority materials, provider materials, sponsor materials, media materials, or public claims shall have no binding institutional effect unless reviewed, approved, and issued by a properly authorized human actor through proper record.

8.24.8(d) No third party shall rely on agentic AI output, automated communication, tool action, draft, message, repository event, dashboard state, map state, API response, workflow action, or model-generated statement as binding GCRI Canada authority unless a human-authorized institutional record expressly provides such authority.

8.24.8(e) Agentic AI shall not accept, modify, or terminate contracts, data-sharing agreements, terms of service, confidentiality obligations, licenses, grants, sponsorships, public authority arrangements, vendor arrangements, provider arrangements, host arrangements, finance-facing arrangements, or Nexus interface arrangements.

8.24.8(f) Where agentic AI appears to bind or represent GCRI Canada beyond authority, GCRI Canada shall promptly review, correct, withdraw, retract, clarify, notify affected parties where appropriate, preserve logs, review dependencies, and implement controls to prevent recurrence.

8.24.8(g) Human approval of an agent-generated artifact shall be limited to the artifact, version, audience, purpose, and scope approved, and shall not authorize future agentic acts by implication.

8.24.8(h) The controlling rule shall be that agentic AI may assist institutional work but cannot hold or exercise institutional authority.

***

8.24.9 No Agentic Use for Prohibited Functions.\
8.24.9(a) GCRI Canada shall not use agentic AI for prohibited functions inconsistent with its public-benefit, non-executing, evidence-and-methods mandate, public authority boundaries, finance boundaries, recognition boundaries, certification boundaries, protocol boundaries, procurement boundaries, provider-neutrality duties, sponsor non-control duties, privacy duties, cybersecurity duties, sovereign data duties, protected knowledge duties, and public-safe publication duties.

8.24.9(b) Prohibited functions shall include public warning issuance, emergency command, law enforcement action, military action, surveillance targeting, public authority decision-making, regulatory determination, procurement selection, provider ranking for award, financial advice, investment recommendation, insurance approval, lending decision, underwriting decision, rating, guarantee, certification, recognition, Protocol Authority effect, legal advice, medical advice, professional advice, contractual commitment, market execution, infrastructure operation, deployment command, payment authorization, or operational control.

8.24.9(c) Agentic AI shall not be used to impersonate humans, public officials, public authorities, community representatives, Indigenous knowledge holders, providers, sponsors, hosts, capital readers, media actors, GRF, GRA, Protocol Authority, Nexus entities, directors, officers, staff, advisors, fellows, or participants.

8.24.9(d) Agentic AI shall not be used to manipulate public discourse, generate deceptive public comments, manufacture stakeholder support, suppress dissent, target communities, infer protected characteristics for action, generate covert influence campaigns, pressure public authorities, pressure capital readers, pressure communities, or create false legitimacy.

8.24.9(e) Agentic AI shall not be used to bypass human review, public-safe review, legal review, public authority boundary review, finance-boundary review, safeguards review, privacy review, cybersecurity review, sovereign data review, provider-neutrality review, sponsor non-control review, or correction review.

8.24.9(f) Agentic AI shall not be used to evade access controls, scrape restricted materials, exploit vulnerabilities, generate malware, exfiltrate data, compromise credentials, hide logs, alter audit trails, defeat monitoring, or test security controls outside approved defensive and authorized contexts.

8.24.9(g) Where proposed agentic use resembles or approaches a prohibited function, GCRI Canada shall treat the use as prohibited unless competent review records a narrower, lawful, safe, non-executing, public-benefit, bounded, monitored, and correctionable purpose.

8.24.9(h) The controlling rule shall be that agentic AI shall never be used to perform functions that GCRI Canada itself is constitutionally prohibited from performing.

***

8.24.10 Agentic Incident Reporting, Containment, Review, Correction, and Retooling.\
8.24.10(a) GCRI Canada shall maintain agentic incident reporting, containment, review, correction, retooling, retraining where appropriate, restriction, suspension, retirement, and archive procedures for material agentic AI systems.

8.24.10(b) Agentic incidents may include prohibited-action attempts, unauthorized tool use, unauthorized retrieval, unauthorized data movement, unauthorized publication, unauthorized external communication, unsafe code execution, repository mischange, dashboard mischange, map mischange, public-safe failure, public authority overclaim, finance overclaim, provider preference, sponsor validation, protected knowledge exposure, privacy event, cybersecurity event, credential exposure, deletion error, log failure, approval-gate bypass, kill-switch failure, model hallucination causing action, prompt-injection-driven action, agentic overreach, cross-border breach, cross-entity breach, or binding-authority confusion.

8.24.10(c) Incident reporting shall identify agent, system, model, version, environment, tools involved, permissions involved, user or initiating actor, time, data affected, records affected, outputs affected, external parties affected, public-safe effect, privacy effect, cybersecurity effect, sovereign data effect, public authority effect, finance effect, provider effect, sponsor effect, protected knowledge effect, community effect, affected dependencies, and immediate controls applied.

8.24.10(d) Containment may include kill switch activation, tool revocation, access suspension, credential rotation, environment quarantine, retrieval disabling, embedding store isolation, repository freeze, dashboard freeze, map freeze, publication hold, communication hold, data movement hold, deletion hold, log preservation, public-safe restriction, and downstream dependency freeze.

8.24.10(e) Review shall assess cause, scope, permissions, model behavior, prompt or query context, retrieval context, tool behavior, human approval gates, logs, monitoring, public-safe controls, boundary controls, data controls, security controls, safeguards, downstream effects, and whether correction, notice, withdrawal, retraction, legal review, Board reporting, independent review, or public-safe clarification is required.

8.24.10(f) Correction may include output correction, record correction, public-safe correction notice, controlled notice, source correction, retrieval correction, embedding correction, model correction, prompt correction, tool permission correction, system reconfiguration, approval-gate strengthening, access restriction, training update, method update, dashboard correction, map correction, repository rollback, publication withdrawal, retraction, or interface suspension.

8.24.10(g) Retooling shall be required where an incident reveals overbroad permissions, inadequate sandboxing, poor monitoring, weak approval gates, unsafe retrieval, unsafe memory, unsafe tool access, inadequate human review, unclear boundary language, model unreliability, provider risk, sponsor risk, public authority risk, finance risk, protected knowledge risk, or correction failure.

8.24.10(h) Reinstatement after an agentic incident shall require evidence that affected risks have been corrected, tool permissions have been narrowed where appropriate, logs are adequate, monitoring is restored, approval gates are effective, affected outputs have been reviewed, notices have been issued where required, and responsible approval has been recorded.

8.24.10(i) Agentic incident records shall be linked, where applicable, to Model Register entries, System Card entries, Dataset Register entries, Retrieval and Embedding Records, Inference Records, Compute Workload Records, Compute Environment Records, Evidence Register entries, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.24.10(j) Agentic incident reporting, containment, review, correction, and retooling shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.24.10(k) The controlling rule shall be that agentic AI incidents must be reported, contained, reviewed, corrected, and used to improve controls because uncontrolled agent behavior is not merely a technical error; it is a potential institutional act without authority.

### 8.25 AI Output Limits and No AI-as-Authority Rule

8.25.1 AI Outputs Do Not Create Truth by Default.\
8.25.1(a) AI outputs used by or on behalf of GCRI Canada shall not create truth, official truth, final truth, public-law truth, scientific truth, technical truth, financial truth, public authority truth, recognition truth, certification truth, protocol truth, procurement truth, provider truth, sponsor truth, public warning truth, emergency-command truth, market truth, or execution truth by default.

8.25.1(b) AI outputs may assist drafting, summarization, classification, retrieval, comparison, translation, extraction, anomaly identification, confidence support, uncertainty explanation, limitation drafting, dashboard support, map support, Evidence Pack support, Decision Pack support, public-safe publication support, correction support, and training support only within GCRI Canada’s recorded evidence, methods, Verifiable Compute, Verifiable Intelligence, Nexus Truth Engine, Nexus Observatory, public-good software, open technical baseline, and correction architecture.

8.25.1(c) AI outputs shall not be treated as true merely because they are fluent, plausible, source-cited, model-generated, system-generated, reproducible, high-confidence, dashboard-visible, map-visible, cryptographically logged, generated from approved retrieval sources, generated by an approved model, generated in an approved environment, or consistent with a preferred institutional narrative.

8.25.1(d) Truth-like statements in AI outputs shall require source lineage, evidence records, method records, dataset records where applicable, model records where applicable, inference records where applicable, human review where material, confidence treatment, uncertainty treatment, limitation treatment, classification, public-safe status, permitted use, prohibited use, and correction path.

8.25.1(e) AI outputs shall distinguish direct evidence, source-supported summary, model-supported inference, assumption, proxy, estimate, scenario, simulation, digital twin output, prediction, interpretation, public-safe explanation, and unsupported model generation.

8.25.1(f) Where an AI output cannot be traced to adequate source records, method records, or reviewer records for the proposed material use, the output shall be treated as draft, unsupported, restricted, or rejected until made records-valid.

8.25.1(g) AI outputs shall remain challengeable, reviewable, correctable, supersession-aware, withdrawal-aware, retraction-aware where applicable, and archive-aware.

8.25.1(h) The controlling rule shall be that AI may help express, compare, route, and test evidence, but AI output is not truth unless the record makes it truth-supporting.

***

8.25.2 AI Outputs Do Not Create Official Decisions.\
8.25.2(a) AI outputs shall not create official decisions, institutional decisions, Board decisions, committee decisions, officer decisions, public authority decisions, GRF decisions, GRA decisions, Protocol Authority decisions, procurement decisions, finance decisions, recognition decisions, certification decisions, regulatory decisions, public warning decisions, emergency command decisions, market decisions, or execution decisions by default.

8.25.2(b) AI outputs may support decision preparation, evidence routing, issue spotting, record assembly, source comparison, briefing preparation, scenario analysis, public-safe explanation, and correction workflows, but shall not substitute for the proper human, institutional, public authority, GRF, GRA, Protocol Authority, corporate, fiduciary, professional, or lawful decision-maker.

8.25.2(c) No AI-generated recommendation, suggested action, proposed classification, routing instruction, confidence score, risk label, readiness-context language, public-safe status, summary, draft resolution, draft notice, draft report, dashboard flag, map layer, benchmark interpretation, or technical baseline note shall be treated as an official decision unless adopted through proper authority, proper record, proper review, proper audience, proper boundary, and proper correction path.

8.25.2(d) AI outputs shall not approve publication, release controlled materials, approve public-safe status, approve finance-facing status, approve public authority-facing status, approve provider-facing status, approve sponsor-facing status, approve GRF input, approve GRA input, approve Protocol Authority input, approve dashboard release, approve map release, approve dataset release, approve code release, approve technical baseline status, or approve correction by default.

8.25.2(e) Where an authorized human or body relies on AI output as one input to a decision, the decision shall remain the human or body’s decision, and the record shall identify the AI output’s role, limitations, review status, and correction path where material.

8.25.2(f) AI output shall not be used to obscure who decided, who reviewed, who approved, who released, who corrected, who escalated, or who declined to act.

8.25.2(g) Where AI output is misread or used as an official decision, GCRI Canada shall correct, clarify, restrict, withdraw, reissue, notify affected interfaces where appropriate, and update controls.

8.25.2(h) The controlling rule shall be that AI may assist decision support, but official decisions require accountable authority outside the model.

***

8.25.3 AI Outputs Do Not Create Public Warnings.\
8.25.3(a) AI outputs shall not create public warnings, emergency alerts, evacuation instructions, public health warnings, public safety warnings, hazard warnings, infrastructure warnings, cybersecurity public alerts, community safety warnings, official risk notices, or other public-warning consequences by default.

8.25.3(b) AI outputs involving hazards, disasters, climate events, wildfire, flood, health-adjacent conditions, cyber incidents, infrastructure vulnerabilities, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, sensor readings, geospatial layers, Earth observation, satellite data, digital twins, simulations, dashboards, maps, risk indicators, resilience indicators, anomaly flags, degraded-mode indicators, or public authority context shall remain evidence-supporting unless a competent public authority issues its own warning through its own lawful process and record.

8.25.3(c) AI-generated dashboard labels, map colors, heatmaps, scores, confidence bands, alert-like symbols, signal indicators, anomaly markers, public-safe summaries, captions, headlines, or short-form social summaries shall not be designed, displayed, or described in a manner that implies official public warning status.

8.25.3(d) AI outputs addressing hazard, risk, emergency, cyber, infrastructure, health, climate, disaster, public safety, or community safety topics shall include public warning boundary language where material and shall avoid language that directs public action as though issued by a competent public authority.

8.25.3(e) AI outputs may support public authority learning, public-safe interpretation, situational evidence, scenario learning, and downstream public authority review, but shall not replace official warning processes.

8.25.3(f) No urgency, high confidence, real-time display, emergency context, media interest, public demand, public authority attendance, sponsor request, provider request, technical sophistication, or repeated use shall convert an AI output into a public warning by implication.

8.25.3(g) Where an AI output is misread or used as a public warning, GCRI Canada shall correct, clarify, relabel, restrict, withdraw, reissue, notify affected interfaces, or coordinate with competent public authorities where appropriate.

8.25.3(h) The controlling rule shall be that AI may help analyze warning-adjacent evidence, but only competent public authorities issue public warnings.

***

8.25.4 AI Outputs Do Not Create Public Authority Meaning.\
8.25.4(a) AI outputs shall not create public authority meaning, public authority decisions, official guidance, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public health order, public safety directive, compliance determination, enforcement position, safe harbor, permit, license, public adoption, sovereign obligation, public-sector endorsement, or delegated public power by default.

8.25.4(b) AI outputs prepared for public authority learning shall be evidence-supporting, literacy-supporting, scenario-supporting, technical-supporting, public-safe, and interpretation-supporting only.

8.25.4(c) Public authority attendance, participation, data contribution, public authority room access, regulator-listening presence, emergency-management presence, public finance presence, procurement presence, official data reference, agency name, agency logo, public official title, quotation, photograph, jurisdiction reference, workshop participation, or public-sector use shall not convert an AI output into public authority meaning.

8.25.4(d) AI outputs involving public authority materials shall preserve capacity classification, official or non-official status, source status, public-safe status, access class, handling class, non-delegation language, non-endorsement language, non-regulatory language, non-procurement language, non-funding language, non-public-finance language, non-warning language, non-emergency-command language, confidence, uncertainty, limitations, and correction path.

8.25.4(e) Where a public authority uses an AI-supported GCRI Canada output in its own lawful process, such use shall remain the public authority’s own use within its own authority, duties, procedures, records, and accountability.

8.25.4(f) AI outputs shall not be structured to pressure, steer, pre-decide, simulate, replace, or publicly imply the outcome of a public authority decision.

8.25.4(g) Where AI output is misused as public authority meaning, GCRI Canada shall correct, clarify, restrict, withdraw, reissue, require removal of misleading references, or notify affected public authority interfaces where appropriate.

8.25.4(h) The controlling rule shall be that AI-supported public authority learning may improve understanding, but it shall not create public authority.

***

8.25.5 AI Outputs Do Not Create Finance-Readiness, Investment Advice, Ratings, Insurance Approval, Lending Decisions, or Public Finance Approval.\
8.25.5(a) AI outputs shall not create finance-readiness, capital-readiness, insurance-readiness, investment advice, securities recommendations, brokerage, placement, finder activity, lending decisions, underwriting decisions, insurance approval, insurance placement, ratings, guarantees, public finance approval, capital commitments, bankability, fundability, credit quality, insurance quality, investment quality, or financial suitability by default.

8.25.5(b) AI outputs prepared for GRA inputs, finance-facing rooms, capital-reader literacy materials, Proof Pack components, RNFD inputs, NFD inputs, UNFSD inputs, Rails handoffs, insurance-readiness inputs, host readiness evidence, node evidence, National Company materials, Project SPV materials, provider materials, sponsor materials, lending materials, insurance materials, public finance materials, or investor-facing materials shall remain evidence support only.

8.25.5(c) AI-generated confidence scores, risk indicators, resilience indicators, readiness-context language, summaries, classifications, benchmark interpretations, dashboards, maps, technical baseline notes, host readiness statements, node evidence summaries, and Proof Pack summaries shall not be described as investment quality, credit quality, insurance quality, underwriting quality, finance-readiness, bankability, fundability, rating, guarantee, or capital suitability.

8.25.5(d) AI outputs used in GRA or finance-adjacent contexts shall include no-advice, no-solicitation, no-rating, no-guarantee, no-public-finance-approval, no-capital-commitment, confidence, uncertainty, limitation, permitted-use, prohibited-use, and correction language where material.

8.25.5(e) Capital-reader interest, sponsor support, provider participation, public authority attendance, GRA interface use, Rails routing, dashboard visibility, model confidence, or benchmark performance shall not convert an AI output into financial status or advice.

8.25.5(f) Any finance-readiness, capital-readiness, insurance-readiness, investment decision, lending decision, underwriting decision, rating, guarantee, public finance approval, or capital commitment shall arise only through the competent actor’s own lawful process and record, not through GCRI Canada AI output.

8.25.5(g) Where AI output is misused to imply finance-readiness, investment advice, rating, insurance approval, lending decision, underwriting decision, guarantee, public finance approval, bankability, fundability, or capital commitment, GCRI Canada shall coordinate correction with GRA where appropriate and require correction, withdrawal, retraction, public-safe clarification, controlled notice, access restriction, interface suspension, or other remedy.

8.25.5(h) The controlling rule shall be that AI may assist finance-boundary evidence discipline, but it shall not create financial consequence.

***

8.25.6 AI Outputs Do Not Create Certification, Recognition, Maturity, Protocol Effect, Procurement Approval, Provider Preference, or Nexus-Compatible Status.\
8.25.6(a) AI outputs shall not create certification, recognition, maturity status, standing, claims approval, public-facing legitimacy, protocol effect, conformance determination, Nexus-compatible status, role key, smart license, entitlement state, proof-receipt legal effect, procurement approval, vendor award, provider preference, public tender advantage, sponsor approval, host approval, operational clearance, or execution readiness by default.

8.25.6(b) AI outputs prepared for GRF inputs shall remain evidence, methods, claims-discipline, Docket, Grid, maturity-context, recognition-supporting, public-safe reporting, and correction input only, and shall not constitute GRF recognition, standing, maturity record, claims approval, stakeholder formation, registry status, or public-facing legitimacy by GCRI Canada.

8.25.6(c) AI outputs prepared for Protocol Authority inputs shall remain evidence, method, ontology, controlled vocabulary, technical baseline, schema, API, conformance-supporting, proof-receipt-supporting, benchmark-supporting, and correction input only, and shall not constitute protocol effect, certification, conformance determination, role key, smart license, entitlement state, legal validity, external force, or operational clearance by default.

8.25.6(d) AI outputs involving providers, vendors, benchmarks, validation sprints, public-good software tests, technical baseline tests, dashboards, maps, public authority rooms, National Companies, Project SPVs, hosts, or sponsors shall not be used to imply provider preference, procurement advantage, market superiority, sponsor validation, host approval, certification, recognition, Nexus-compatible status, or execution readiness.

8.25.6(e) Terms such as “validated,” “verified,” “approved,” “ready,” “aligned,” “certified,” “recognized,” “Nexus-compatible,” “protocol-ready,” “investment-ready,” “deployment-ready,” “best,” “preferred,” “safe,” “compliant,” or equivalent AI-generated language shall be governed by controlled vocabulary and shall not be used beyond recorded authority.

8.25.6(f) Sponsor support, provider participation, host support, public authority observation, benchmark success, public-safe publication, technical baseline inclusion, or AI-generated positive assessment shall not create status.

8.25.6(g) Where AI output is misused to imply certification, recognition, maturity, protocol effect, procurement approval, provider preference, sponsor approval, host approval, or Nexus-compatible status, GCRI Canada shall require correction, withdrawal, retraction, relabeling, removal of references, public-safe clarification, controlled notice, interface suspension, contract remedy, or legal action where appropriate.

8.25.6(h) The controlling rule shall be that AI may support status-relevant evidence, but it shall not create status.

***

8.25.7 AI Outputs Do Not Bind GCRI Canada by Default.\
8.25.7(a) AI outputs shall not bind GCRI Canada, create legal obligations, create institutional positions, create public commitments, create representations, create warranties, accept terms, modify rights, waive rights, approve claims, approve public-safe release, approve external communications, commit resources, commit funding, commit partnership terms, commit sponsorship terms, commit provider terms, commit public authority positions, or create contractual or legal effect by default.

8.25.7(b) AI-generated emails, letters, messages, filings, minutes, summaries, resolutions, policies, reports, dashboards, maps, repository changes, technical baseline drafts, public-good software outputs, website text, social media text, public-safe summaries, public authority materials, GRF materials, GRA materials, Protocol Authority materials, provider materials, sponsor materials, host materials, community-facing materials, media materials, or public claims shall have no binding institutional effect unless reviewed, approved, and issued by a properly authorized human actor through proper record.

8.25.7(c) AI shall not act as director, officer, employee, authorized signatory, legal representative, procurement officer, finance officer, public authority liaison, certification officer, recognition officer, Protocol Authority officer, public warning officer, emergency commander, contracting officer, repository owner, data owner, records officer, public spokesperson, or institutional delegate.

8.25.7(d) No third party may rely on an AI output, automated communication, draft, generated message, dashboard state, map state, API response, repository event, tool action, or model-generated statement as binding GCRI Canada authority unless a human-authorized institutional record expressly provides such authority.

8.25.7(e) Human approval of an AI-generated artifact shall be limited to the artifact, version, audience, purpose, channel, and scope approved, and shall not authorize future AI outputs or agentic acts by implication.

8.25.7(f) Where AI output appears to bind or represent GCRI Canada beyond authority, GCRI Canada shall promptly review, correct, withdraw, retract, clarify, notify affected parties where appropriate, preserve records, review dependencies, and implement controls to prevent recurrence.

8.25.7(g) AI output shall not be used to obscure or replace the required authority, consent, signature, approval, Board action, officer action, committee action, public authority action, GRF action, GRA action, Protocol Authority action, or contract record required for a binding act.

8.25.7(h) The controlling rule shall be that AI may draft or assist institutional expression, but only authorized humans and bodies may bind GCRI Canada.

***

8.25.8 AI Outputs Must Be Classified, Reviewed, Contextualized, and Recorded Before Material Use.\
8.25.8(a) AI outputs must be classified, reviewed, contextualized, and recorded before material use in evidence records, public-safe outputs, controlled-room outputs, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Risk Management outputs, Nexus Rails outputs, Nexus Grid inputs, Nexus Academy materials, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, technical baselines, public-good software, provider materials, sponsor materials, host materials, community-facing materials, media materials, or public claims.

8.25.8(b) Classification shall identify data class, evidence class, access class, handling class, output class, public-safe status, controlled-room status where applicable, finance-safe status where material, public authority-facing status where material, GRF-facing status where material, GRA-facing status where material, Protocol Authority-facing status where material, provider-facing status where material, sponsor-facing status where material, host-facing status where material, community-facing status where material, protected knowledge status, AI-output status, and distribution limits.

8.25.8(c) Review shall include source-lineage review, evidence accuracy review, confidence review, uncertainty review, limitation review, hallucination review, bias review, drift review, misclassification review, public-safe review, public authority boundary review, finance-boundary review, recognition boundary review, certification boundary review, protocol boundary review, procurement boundary review, provider-neutrality review, sponsor non-control review, privacy review, cybersecurity review, sovereign data review, safeguards review, and legal review where applicable.

8.25.8(d) Contextualization shall identify what the AI output means, what it does not mean, what sources support it, what sources do not support it, what uncertainty remains, what limitations apply, what audience may use it, what audience may not use it, what boundary language applies, and how it may be corrected.

8.25.8(e) Recording shall identify inference record, model, model version, system, system version, retrieval sources where applicable, input class, output class, user or actor, date, environment, reviewer, review status, confidence, uncertainty, limitations, permitted use, prohibited use, correction path, supersession path, withdrawal path, retraction path where applicable, retention status, and dependency links.

8.25.8(f) AI output lacking required classification, review, context, or record shall remain draft, internal, restricted, rejected, or non-material and shall not be migrated into material use by copying, summarizing, translating, excerpting, pasting, embedding, citation, dashboarding, mapping, or incorporation into another artifact.

8.25.8(g) Where AI output has migrated into material use without required classification, review, context, or record, GCRI Canada shall identify affected outputs, reconstruct records where possible, review defects, correct or restrict affected uses, and update controls.

8.25.8(h) The controlling rule shall be that AI output becomes institutionally usable only through classification, review, context, and record.

***

8.25.9 AI Outputs Must Not Be Used to Hide Human Accountability.\
8.25.9(a) AI outputs shall not be used to hide, dilute, obscure, replace, evade, or shift human accountability for evidence, methods, review, publication, public-safe release, public authority communication, finance-facing communication, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, technical baselines, public claims, corrections, withdrawals, retractions, or institutional decisions.

8.25.9(b) Human actors remain accountable for choosing to use AI, selecting the model or system, setting the purpose, selecting retrieval sources, supplying inputs, accepting outputs, editing outputs, approving outputs, publishing outputs, routing outputs, relying on outputs, correcting outputs, or declining to correct outputs.

8.25.9(c) No person shall defend an unsupported, unsafe, overclaimed, misleading, biased, hallucinated, misclassified, public-authority-inflating, finance-inflating, provider-preferential, sponsor-validating, certification-implying, recognition-implying, protocol-implying, warning-implying, command-implying, or execution-implying output on the basis that “the AI generated it,” “the model cited sources,” “the system approved it,” “the dashboard displayed it,” or “the workflow automated it.”

8.25.9(d) Human accountability records shall identify, where material, initiating actor, reviewer, approver, publisher, releasing actor, routing actor, correcting actor, escalation actor, dissenting actor where any, and accountable function.

8.25.9(e) AI-supported workflows shall preserve reviewer dissent, unresolved concerns, limitation notes, rejected outputs, correction requirements, escalation recommendations, and approval conditions.

8.25.9(f) AI shall not be used to suppress dissent, manufacture consensus, erase reviewer disagreement, launder sponsor influence, launder provider influence, obscure public authority pressure, obscure finance pressure, hide protected knowledge concerns, or bypass Board, committee, officer, legal, public-safe, safeguards, privacy, cybersecurity, or boundary review.

8.25.9(g) Where AI use obscures human accountability, GCRI Canada shall correct the record, identify responsible actors or functions where appropriate, update review procedures, restrict affected workflows, provide training, and review affected outputs and dependencies.

8.25.9(h) The controlling rule shall be that AI may assist humans, but it shall not absorb accountability that belongs to humans and institutions.

***

8.25.10 Correction Where AI Outputs Are Treated as Authority.\
8.25.10(a) GCRI Canada shall correct AI outputs, references, descriptions, dashboards, maps, APIs, datasets, reports, Evidence Packs, Decision Packs, technical annexes, public-safe summaries, public authority materials, finance-facing materials, GRF materials, GRA materials, Protocol Authority materials, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, Nexus materials, media materials, website materials, repository descriptions, social summaries, and public claims where AI outputs are treated as authority.

8.25.10(b) Treating AI output as authority shall include any use or description that converts or appears to convert AI output into truth, official decision, public warning, emergency command, public authority meaning, finance-readiness, investment advice, rating, insurance approval, lending decision, underwriting decision, public finance approval, certification, recognition, maturity, protocol effect, procurement approval, provider preference, sponsor approval, host approval, Nexus-compatible status, contractual commitment, legal status, professional advice, market authority, infrastructure operation, operational clearance, or execution consequence.

8.25.10(c) Correction may include internal correction, public-safe correction notice, controlled correction notice, relabeling, revised boundary language, revised confidence treatment, revised uncertainty treatment, revised limitation statements, source correction, retrieval correction, embedding correction, prompt correction, inference correction, model correction, system correction, dashboard revision, map revision, API field revision, dataset revision, report revision, public-safe summary revision, access restriction, reclassification, downgrade, suspension, supersession, withdrawal, retraction, removal of misleading references, termination of misuse, interface suspension, contract remedy, or legal action where appropriate.

8.25.10(d) Where authority treatment originates with a sponsor, donor, funder, provider, vendor, contractor, host, capital reader, National Company, Project SPV, public authority participant, university, media actor, community actor, Nexus actor, director, officer, staff member, fellow, advisor, council member, participant, repository maintainer, AI-generated summary, dashboard label, public website, or third-party public claim, GCRI Canada shall apply a correction response proportionate to risk, reliance, audience, public visibility, and harm potential.

8.25.10(e) Where authority treatment affects public authority meaning, finance-facing meaning, public warning meaning, emergency-command meaning, procurement meaning, certification meaning, recognition meaning, protocol meaning, provider meaning, sponsor meaning, community meaning, protected knowledge treatment, legal meaning, or public trust, GCRI Canada shall review downstream dependencies and determine whether notice, restriction, withdrawal, retraction, escalation, Board reporting, independent review, or interface correction is required.

8.25.10(f) GCRI Canada shall not delay or avoid correction because the authority treatment is reputationally beneficial, sponsor-favorable, provider-favorable, public authority-favorable, finance-facing, media-useful, event-useful, fundraising-useful, partnership-useful, technically convenient, or strategically attractive.

8.25.10(g) Corrected AI outputs and related records shall preserve prior identity, inference history, model history where material, correction history, supersession history, withdrawal or retraction status where applicable, affected dependencies, notice decisions, access limits, archive treatment, and future permitted use.

8.25.10(h) Records under this section shall be linked, where applicable, to Inference Records, Human Review Records, Model Register entries, System Card entries, Dataset Register entries, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Evidence Register entries, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.25.10(i) The controlling rule shall be that AI-as-authority must be corrected wherever it appears, because uncorrected AI authority is how evidence infrastructure becomes automated overclaim.

### 8.26 AI Incidents

8.26.1 AI Incident Definition.\
8.26.1(a) GCRI Canada shall define an AI Incident as any event, condition, error, misuse, failure, overclaim, unauthorized action, unsafe output, data exposure, model defect, retrieval defect, embedding defect, agentic defect, classification defect, boundary breach, correction failure, or human-review failure involving an AI system, model, model-enabled system, agentic system, retrieval system, embedding store, inference workflow, dashboard, map, API, dataset, Evidence Pack, Decision Pack, technical baseline, public-good software, public-safe output, public authority material, GRF input, GRA input, Protocol Authority input, provider-facing material, sponsor-facing material, community-facing material, or public claim that materially affects or may materially affect GCRI Canada’s evidence integrity, public-safe publication, privacy, cybersecurity, sovereign data, protected knowledge, public authority boundaries, finance boundaries, provider neutrality, sponsor non-control, role separation, correctionability, institutional trust, or public-benefit mandate.

8.26.1(b) AI Incidents may arise from model hallucination, unsupported output, false citation, source distortion, data leakage, unauthorized retrieval, unauthorized embedding, unauthorized training, unauthorized model improvement, unauthorized agent action, unsafe output, bias, discrimination, exclusion, harm, model drift, performance degradation, prompt injection, tool misuse, agentic overreach, retrieval leakage, cross-context contamination, boundary breach, public overclaim, public authority overclaim, finance overclaim, certification implication, recognition implication, protocol implication, procurement implication, provider preference, sponsor validation, or failure to correct.

8.26.1(c) AI Incidents shall include confirmed incidents, suspected incidents, near misses, attempted prohibited actions, detected control failures, unsafe outputs caught before release, unsafe outputs released externally, third-party misuse of AI-supported outputs, vendor AI failures, public AI tool misuse, and agentic workflow failures.

8.26.1(d) An AI Incident shall not be dismissed merely because no public harm has yet occurred, the output was internal, the model is approved, the system is registered, the error was caught quickly, the affected actor is sophisticated, the output was labelled draft, the issue was caused by a vendor, the issue was caused by a user, the issue was technically minor, or the issue is reputationally inconvenient.

8.26.1(e) AI Incident treatment shall be proportionate to severity, scope, data class, evidence class, output class, public-safe status, public authority relevance, finance relevance, GRF relevance, GRA relevance, Protocol Authority relevance, provider relevance, sponsor relevance, community relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, legal risk, public-claim risk, and downstream dependency.

8.26.1(f) AI Incident classification shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.26.1(g) Where an event may reasonably be an AI Incident, GCRI Canada shall apply protective treatment pending review, including containment, access restriction, output hold, dependency review, preservation of records where safe, and escalation where risk requires.

8.26.1(h) The controlling rule shall be that AI Incidents are governed events because AI failure can alter evidence, authority, trust, safety, rights, and institutional boundaries even when the failure begins as a technical output.

***

8.26.2 Hallucination Incident.\
8.26.2(a) GCRI Canada shall treat a hallucination incident as an AI Incident where an AI system fabricates, invents, misstates, overstates, misattributes, falsely cites, falsely summarizes, falsely reconciles, or otherwise generates unsupported content that materially affects or may materially affect GCRI Canada outputs or institutional meaning.

8.26.2(b) Hallucination incidents may include fabricated sources, false citations, invented quotations, invented facts, invented public authority positions, invented legal status, invented finance-readiness, invented GRF recognition, invented GRA status, invented Protocol Authority effect, invented Nexus-compatible status, invented certification, invented provider status, invented sponsor approval, invented dataset content, invented model evaluation results, invented benchmark results, invented dashboard meaning, invented map meaning, or invented correction history.

8.26.2(c) Hallucination incidents shall also include unsupported causal claims, unsupported trend claims, unsupported risk claims, unsupported resilience claims, unsupported technical claims, unsupported source comparison, unsupported confidence statements, unsupported uncertainty treatment, unsupported limitation treatment, unsupported public-safe classification, unsupported finance-facing interpretation, unsupported public authority interpretation, and unsupported boundary language.

8.26.2(d) Where a hallucination incident is detected before material use, GCRI Canada shall reject, correct, rerun, re-source, downgrade, qualify, restrict, or archive the affected output as appropriate and shall update the relevant Inference Record, Human Review Record, Model Record, Retrieval Record, and Correction Record where material.

8.26.2(e) Where a hallucination incident has affected public-safe outputs, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, APIs, Evidence Packs, Decision Packs, technical baselines, public-good software, provider materials, sponsor materials, community-facing materials, media materials, or public claims, GCRI Canada shall conduct downstream dependency review and determine whether public-safe correction, controlled notice, withdrawal, retraction, model restriction, retrieval correction, or interface correction is required.

8.26.2(f) Hallucination incidents shall not be excused because the output was plausible, well-written, consistent with institutional narrative, generated from an approved model, generated from an approved retrieval source, or accepted by a reviewer without adequate checking.

8.26.2(g) Repeated hallucination incidents involving a model, system, retrieval source, prompt pattern, workflow, dashboard, map, or public-safe publication process shall trigger model review, retrieval review, prompt review, system review, training update, human review update, restriction, suspension, or retirement where appropriate.

8.26.2(h) The controlling rule shall be that hallucination is not merely a drafting error when it enters institutional evidence; it is a record defect requiring correction, dependency review, and control improvement.

***

8.26.3 Data Leakage Incident.\
8.26.3(a) GCRI Canada shall treat a data leakage incident as an AI Incident where an AI system, model, retrieval system, embedding store, agentic system, prompt, query, upload, connector, API, dashboard, map, log, vendor platform, public AI tool, or model-enabled workflow exposes, transmits, reveals, retains, retrieves, embeds, trains on, infers, summarizes, or otherwise makes accessible restricted data beyond recorded authority.

8.26.3(b) Data leakage incidents may involve personal information, rights-bearing data, health-sensitive data, public authority restricted data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, commercially sensitive data, community-protected data, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, protected knowledge, confidential source information, privileged materials, credentials, secrets, keys, tokens, controlled technology, export-controlled materials, sanctions-sensitive materials, or other restricted materials.

8.26.3(c) Data leakage may occur through prompt submission, file upload, copy and paste, screenshots, screen recordings, meeting transcription, browser extensions, plug-ins, public AI tools, vendor AI processing, model logs, prompt logs, retrieval snippets, embeddings, vector store exposure, API responses, dashboard labels, map layers, public-safe summaries, public repositories, metadata, citations, autocomplete, telemetry, support access, subprocessors, or side channels.

8.26.3(d) Where data leakage is suspected, GCRI Canada shall promptly preserve relevant records where safe, restrict affected access, suspend affected model or system use where appropriate, disable affected retrieval or embedding sources where appropriate, rotate credentials where needed, assess exposure, classify affected data, review legal and notification obligations, and prevent further dissemination.

8.26.3(e) Where leakage involves public authority data, sovereign data, protected knowledge, Indigenous or community materials, personal information, cyber-sensitive information, infrastructure-sensitive information, credentials, controlled technology, or source-protected materials, GCRI Canada shall apply heightened containment, legal review, privacy review, cybersecurity review, public authority review where applicable, safeguards review, protected knowledge review, and notice analysis.

8.26.3(f) Data leakage incidents shall trigger review of affected outputs, Inference Records, Retrieval and Embedding Records, Dataset Cards, Model Register entries, System Cards, Compute Workload Records, access logs, vendor terms, public-safe publications, public claims, and downstream dependencies.

8.26.3(g) Data leakage shall not be minimized because leaked material was already partially known, hard to interpret, embedded rather than readable, included only in metadata, disclosed only to a vendor, disclosed only in a controlled room, or disclosed only briefly.

8.26.3(h) The controlling rule shall be that AI-connected data leakage is an evidence, rights, security, sovereignty, trust, and correction event, not only a technical exposure.

***

8.26.4 Unauthorized Agent Action Incident.\
8.26.4(a) GCRI Canada shall treat unauthorized agent action as an AI Incident where an agentic AI system takes, attempts, proposes, initiates, completes, routes, publishes, communicates, deletes, modifies, retrieves, exports, executes, or otherwise performs an action outside recorded authority, tool permission mapping, approval gate, workload scope, environment, output class, audience, access class, handling class, or institutional mandate.

8.26.4(b) Unauthorized agent action may include unauthorized external communication, unauthorized public authority contact, unauthorized provider contact, unauthorized sponsor contact, unauthorized community contact, unauthorized capital-reader contact, unauthorized publication, unauthorized dashboard change, unauthorized map change, unauthorized repository change, unauthorized code execution, unauthorized API call, unauthorized data movement, unauthorized deletion, unauthorized reclassification, unauthorized credential use, unauthorized access change, unauthorized log change, unauthorized model call, unauthorized retrieval, unauthorized embedding, or unauthorized workflow trigger.

8.26.4(c) Unauthorized agent action shall also include prohibited attempts, failed attempts, blocked actions, near misses, approval-gate bypass attempts, permission escalation attempts, tool misuse, prompt-injection-driven actions, self-granted permissions, self-approved outputs, self-deleted logs, self-modified authority, and attempts to act as institutional authority.

8.26.4(d) Where unauthorized agent action is detected, GCRI Canada shall activate containment proportionate to risk, including kill switch activation, tool revocation, access suspension, credential rotation, environment quarantine, repository freeze, dashboard freeze, map freeze, publication hold, communication hold, data movement hold, deletion hold, and log preservation where safe.

8.26.4(e) GCRI Canada shall review the agent’s model behavior, prompt context, retrieval context, tool permissions, approval gates, logs, memory where applicable, external effects, data affected, records affected, outputs affected, public-safe effect, public authority effect, finance effect, provider effect, sponsor effect, protected knowledge effect, community effect, and downstream dependency effect.

8.26.4(f) Unauthorized agent action shall not bind GCRI Canada unless a properly authorized human or body separately adopts the action through proper authority and record; and any appearance of binding effect shall be corrected, withdrawn, retracted, clarified, or notified as appropriate.

8.26.4(g) Reinstatement of an affected agentic system shall require correction of permissions, tools, gates, monitoring, prompts, retrieval rules, logging, memory rules where applicable, human review, and incident controls, together with review of affected outputs and dependencies.

8.26.4(h) The controlling rule shall be that unauthorized agent action is serious because agentic systems can create institutional consequences through action before humans have understood the evidence or authority boundary.

***

8.26.5 Unsafe Output Incident.\
8.26.5(a) GCRI Canada shall treat an unsafe output incident as an AI Incident where an AI output, model-supported output, dashboard output, map output, API output, public-safe draft, report, summary, classification, label, score, citation, translation, visualization, recommendation-like statement, correction notice, or generated artifact is unsafe for its audience, classification, handling class, public-safe status, permitted use, or institutional boundary.

8.26.5(b) Unsafe output may include disclosure of restricted information, unsafe geospatial detail, cyber-sensitive detail, infrastructure-sensitive detail, source-protected information, protected knowledge, personal information, rights-bearing data, public authority restricted material, finance-sensitive information, confidential materials, legal privilege, controlled technology, exploit details, credentials, secrets, keys, tokens, or unsafe metadata.

8.26.5(c) Unsafe output may also include outputs that are misleading, overconfident, falsely precise, emotionally manipulative, publicly alarming, falsely reassuring, public-warning-like, emergency-command-like, public-authority-like, finance-like, rating-like, certification-like, recognition-like, procurement-like, provider-preferential, sponsor-validating, protocol-effective, or execution-ready in appearance.

8.26.5(d) Unsafe output incidents may arise even where the underlying source material is accurate, if the output’s framing, title, labels, colors, icons, summaries, omissions, visual design, audience, distribution channel, public authority references, finance references, provider references, sponsor acknowledgments, Nexus references, or metadata create unsafe meaning.

8.26.5(e) Where an unsafe output is detected before release, GCRI Canada shall reject, revise, restrict, reclassify, redact, aggregate, generalize, add boundary language, add limitations, require controlled-room treatment, require public-safe review, or prohibit release.

8.26.5(f) Where an unsafe output has been released, GCRI Canada shall assess audience, access, reliance, exposure, public-safe effect, privacy effect, cybersecurity effect, sovereign data effect, public authority effect, finance effect, provider effect, sponsor effect, protected knowledge effect, community effect, and downstream dependency; and shall correct, restrict, supersede, withdraw, retract, notify, or issue public-safe clarification as appropriate.

8.26.5(g) Unsafe output incidents shall not be excused because the output was generated by an approved model, based on accurate sources, released under time pressure, used by a sophisticated audience, described as “draft,” or supported by a sponsor, provider, public authority participant, or internal reviewer.

8.26.5(h) The controlling rule shall be that an AI output is unsafe when its content or meaning can cause harm, overclaim, unauthorized reliance, boundary collapse, or loss of trust.

***

8.26.6 Bias, Discrimination, Exclusion, or Harm Incident.\
8.26.6(a) GCRI Canada shall treat bias, discrimination, exclusion, or harm involving AI outputs, models, retrieval systems, embedding stores, datasets, dashboards, maps, classifications, scores, summaries, translations, recommendations, or model-enabled workflows as an AI Incident where such bias, discrimination, exclusion, or harm materially affects or may materially affect persons, communities, public authorities, evidence integrity, public-safe publication, institutional trust, or downstream dependency.

8.26.6(b) Bias incidents may arise from training data, evaluation data, public records, missing data, source selection, retrieval ranking, embedding similarity, model alignment, language coverage, translation, geography, protected characteristics, community exclusion, public authority framing, provider materials, sponsor materials, media records, academic records, historical records, or institutional preference.

8.26.6(c) Discrimination incidents may include outputs or workflows that produce, reinforce, justify, obscure, or enable unfair treatment, exclusion, profiling, stigmatization, denial of voice, disparate burden, disparate benefit, stereotyping, decontextualization, or unsafe inference involving protected persons, vulnerable communities, Indigenous communities, local communities, workers, residents, participants, public officials in sensitive contexts, or other rights-bearing groups.

8.26.6(d) Exclusion incidents may include failure to include material community context, Indigenous or local knowledge context, language context, accessibility needs, disability context, territorial context, cultural context, protected knowledge limits, small-community risks, or affected-person perspectives where omission materially distorts evidence or public-safe meaning.

8.26.6(e) Harm incidents may include exposure to retaliation, community harm, protected knowledge exposure, reputational harm, public authority misuse, finance-facing misuse, provider misuse, sponsor misuse, public misinterpretation, unsafe mapping, stigmatizing labels, false risk signals, or exclusion from relevant evidence processes.

8.26.6(f) Where bias, discrimination, exclusion, or harm is detected, GCRI Canada shall review affected datasets, retrieval sources, embedding stores, models, prompts, methods, reviewers, public-safe outputs, dashboards, maps, publications, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, community-facing materials, and public claims.

8.26.6(g) Corrective action may include dataset correction, source supplementation, community review, Indigenous or protected knowledge review, safeguards review, model restriction, retrieval adjustment, prompt revision, output correction, public-safe reissue, withdrawal, retraction, training update, method update, accessibility update, translation update, or independent review.

8.26.6(h) The controlling rule shall be that AI-supported evidence must not produce public-good outputs by excluding, exposing, stereotyping, or harming the people and communities whose realities the evidence is meant to serve.

***

8.26.7 Model Drift or Performance Degradation Incident.\
8.26.7(a) GCRI Canada shall treat model drift or performance degradation as an AI Incident where a model, model-enabled system, retrieval system, embedding store, classifier, summarizer, evaluator, dashboard system, map system, agentic system, or inference workflow no longer performs within recorded limits for its approved purpose, output class, audience, data class, evidence class, public-safe status, or boundary conditions.

8.26.7(b) Drift may include model drift, data drift, concept drift, retrieval drift, embedding drift, source-corpus drift, prompt drift, output-distribution drift, dashboard drift, map drift, public authority context drift, finance context drift, provider context drift, sponsor context drift, community context drift, legal context drift, technology-domain drift, or risk-domain drift.

8.26.7(c) Performance degradation may include reduced source grounding, increased hallucination, lower retrieval relevance, increased false citations, weaker classification accuracy, increased bias, increased false precision, degraded confidence calibration, degraded uncertainty treatment, poorer public-safe handling, weaker boundary preservation, increased unsafe output, or increased correction frequency.

8.26.7(d) Drift or degradation may arise from new model versions, provider changes, data updates, stale sources, corpus changes, embedding store updates, prompt changes, tool changes, environment changes, dashboard changes, map changes, legal changes, public authority changes, finance-facing use changes, provider involvement, sponsor involvement, or changing public-safe expectations.

8.26.7(e) Where drift or degradation is suspected, GCRI Canada shall review Model Register entries, Model Cards, System Cards, Dataset Cards, Benchmark Cards, Evaluation Harness Records, Inference Records, Retrieval and Embedding Records, public-safe outputs, dashboards, maps, technical baselines, and affected dependency records.

8.26.7(f) Corrective action may include model restriction, model rollback, model reevaluation, model suspension, model retirement, retrieval re-indexing, embedding correction, source refresh, benchmark rerun, prompt revision, output review escalation, public-safe restriction, confidence downgrade, uncertainty revision, limitation update, output correction, or interface notice.

8.26.7(g) Drift or degradation shall not be ignored because no single output has yet failed publicly, because prior performance was acceptable, because the provider has not announced a defect, or because the system remains technically available.

8.26.7(h) The controlling rule shall be that model approval is not permanent; model behavior changes over time and must be corrected when performance no longer matches the record.

***

8.26.8 Retrieval Leakage, Embedding Leakage, or Cross-Context Contamination Incident.\
8.26.8(a) GCRI Canada shall treat retrieval leakage, embedding leakage, or cross-context contamination as an AI Incident where retrieval systems, embedding stores, vector indexes, model contexts, prompts, queries, connectors, dashboards, maps, APIs, or model-enabled workflows expose, mix, infer from, retrieve, summarize, cite, or associate materials across unauthorized classes, rooms, programs, entities, jurisdictions, audiences, or purposes.

8.26.8(b) Retrieval leakage may include unauthorized retrieval of restricted sources, sealed sources, withdrawn sources, retracted sources, public authority restricted sources, finance-sensitive sources, protected knowledge sources, confidential sources, provider-sensitive sources, sponsor-sensitive sources, personal information, cyber-sensitive materials, infrastructure-sensitive materials, or sovereign data.

8.26.8(c) Embedding leakage may include unauthorized corpus ingestion, vector store exposure, cross-tenant vector access, embedding inversion risk, source reconstruction risk, retained embeddings after source deletion, stale embeddings after source correction, withdrawn-source embeddings, retracted-source embeddings, or embedding-store metadata exposure.

8.26.8(d) Cross-context contamination may include mixing internal and public-safe materials, controlled-room and public materials, public authority and non-public authority materials, finance-facing and non-finance materials, GRF and GRA materials, GCRI Canada and other entity materials, provider and evaluation materials, sponsor and evidence materials, community and public materials, or protected knowledge and public-safe materials in a manner that creates false association, boundary collapse, or unsafe meaning.

8.26.8(e) Where retrieval leakage, embedding leakage, or cross-context contamination is detected, GCRI Canada shall restrict affected retrieval sources, disable affected embedding stores where appropriate, preserve logs where safe, identify affected outputs, re-index or delete embeddings where required, review access controls, review classification filters, review public-safe filters, review cross-border effects, and correct dependency records.

8.26.8(f) Corrective action may include corpus partitioning, tenant isolation, program isolation, entity isolation, jurisdictional filtering, source reclassification, metadata correction, retrieval rule correction, embedding deletion, re-indexing, output withdrawal, public-safe correction notice, controlled notice, model restriction, system suspension, or retirement.

8.26.8(g) Leakage or contamination shall not be treated as harmless merely because the model did not quote the restricted source verbatim, the exposure occurred through similarity, the audience was internal, the source title alone was exposed, or the output appeared generally accurate.

8.26.8(h) The controlling rule shall be that retrieval and embedding incidents are high-risk because semantic systems can move context, authority, and protected meaning without visibly moving files.

***

8.26.9 Public Overclaim or Boundary Breach Incident.\
8.26.9(a) GCRI Canada shall treat public overclaim or boundary breach involving AI outputs as an AI Incident where an AI-supported output, AI-generated summary, dashboard, map, publication, repository description, website text, social summary, media material, public authority material, finance-facing material, GRF input, GRA input, Protocol Authority input, provider material, sponsor material, host material, community-facing material, Academy material, or public claim converts or appears to convert evidence support into unauthorized authority.

8.26.9(b) Public overclaim may include AI-supported claims of truth, official decision, public warning, emergency command, public authority approval, regulatory approval, procurement approval, finance-readiness, investment advice, insurance approval, lending approval, underwriting decision, rating, guarantee, certification, recognition, maturity, standing, claims approval, protocol effect, conformance, Nexus-compatible status, provider preference, sponsor approval, host approval, operational clearance, legal status, market authority, infrastructure operation, or execution readiness.

8.26.9(c) Boundary breach may occur through words, images, scores, badges, labels, rankings, colors, icons, charts, maps, dashboards, metadata, citations, public authority names, provider names, sponsor acknowledgments, Nexus references, benchmark framing, technical baseline framing, repository tags, AI-generated headings, AI-generated summaries, or third-party quotations.

8.26.9(d) Public overclaim or boundary breach shall include overclaim by GCRI Canada, directors, officers, staff, fellows, advisors, participants, repository maintainers, agents, providers, sponsors, hosts, public authority participants, National Companies, Project SPVs, capital readers, universities, media actors, community actors, GRF, GRA, Protocol Authority, Nexus entities, or third parties where the overclaim uses or relies on GCRI Canada AI-supported outputs.

8.26.9(e) Where public overclaim or boundary breach is detected, GCRI Canada shall identify the source output, AI role, publication channel, audience, reliance risk, affected boundaries, affected dependencies, and necessary correction response.

8.26.9(f) Corrective action may include public-safe correction notice, controlled notice, removal of misleading text, relabeling, revised boundary language, revised confidence language, revised uncertainty language, revised limitation statements, dashboard correction, map correction, repository correction, website correction, social correction, third-party correction request, withdrawal, retraction, interface suspension, contract remedy, or legal action where appropriate.

8.26.9(g) GCRI Canada shall not delay correction of public overclaim or boundary breach because the overclaim is reputationally beneficial, sponsor-favorable, provider-favorable, public authority-favorable, finance-facing, media-useful, fundraising-useful, event-useful, partnership-useful, or strategically convenient.

8.26.9(h) The controlling rule shall be that public AI overclaim must be corrected quickly because public meaning can harden into unauthorized authority faster than records can explain it.

***

8.26.10 Incident Severity Classification, Containment, Notification, Correction, Model Restriction, Output Withdrawal, and Post-Incident Review.\
8.26.10(a) GCRI Canada shall classify AI Incident severity according to risk, scope, data class, evidence class, output class, public-safe status, public visibility, public authority relevance, finance relevance, GRF relevance, GRA relevance, Protocol Authority relevance, provider relevance, sponsor relevance, community relevance, protected knowledge relevance, privacy effect, cybersecurity effect, sovereign data effect, legal effect, public-claim effect, downstream dependency, and harm potential.

8.26.10(b) Severity classification may distinguish low, moderate, high, critical, controlled-room critical, public-safe critical, privacy critical, cybersecurity critical, public authority critical, finance-boundary critical, protected knowledge critical, community critical, and Board-reportable incidents, or equivalent categories adopted by GCRI Canada.

8.26.10(c) Containment shall be proportionate to severity and may include output hold, publication hold, access restriction, retrieval disabling, embedding store isolation, model restriction, model suspension, agent kill switch, system suspension, environment quarantine, credential rotation, repository freeze, dashboard freeze, map freeze, API restriction, data movement hold, deletion hold, controlled-room restriction, and preservation of logs where safe.

8.26.10(d) Notification shall be assessed according to law, contract, public authority restrictions, privacy obligations, cybersecurity obligations, sovereign data obligations, protected knowledge obligations, community protocols, funder or sponsor obligations, provider obligations, host obligations, public-safe obligations, and institutional duties. Notification may be internal, controlled, public-safe, public authority-facing, community-facing, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, or public, according to proper review.

8.26.10(e) Correction shall include correction of affected outputs, records, sources, datasets, models, prompts, retrieval sources, embeddings, systems, dashboards, maps, APIs, technical baselines, public-safe materials, public claims, boundary language, confidence treatment, uncertainty treatment, limitation statements, and dependency records where required.

8.26.10(f) Model restriction may include disabling a model, narrowing approved uses, restricting data classes, restricting retrieval sources, restricting output classes, requiring human review, requiring public-safe review, disabling agentic functions, disabling tool use, disabling memory, disabling training or improvement, rolling back versions, suspending deployment, retiring the model, or prohibiting future use.

8.26.10(g) Output withdrawal or retraction shall be used where correction cannot safely preserve public meaning, where public reliance is unsafe, where authority overclaim is material, where restricted material was exposed, where evidence is unsupported, or where the output is no longer fit for purpose.

8.26.10(h) Post-incident review shall identify root cause, contributing factors, affected systems, affected records, affected outputs, affected dependencies, containment actions, notification decisions, correction actions, residual risk, control failures, human review failures, training needs, method updates, policy updates, technical updates, Board or committee reporting, and independent review where appropriate.

8.26.10(i) The controlling rule shall be that AI Incident response must classify severity, contain harm, notify appropriately, correct the record, restrict defective models or systems, withdraw unsafe outputs where needed, and improve controls.

***

8.26.11 AI Incident Register.\
8.26.11(a) GCRI Canada shall maintain, or cause to be maintained, an AI Incident Register for material AI Incidents, suspected AI Incidents, near misses, prohibited-action attempts, control failures, public overclaims, boundary breaches, model restrictions, model suspensions, output withdrawals, public-safe corrections, controlled notices, and post-incident reviews.

8.26.11(b) The AI Incident Register shall identify incident title or identifier, incident type, severity classification, date detected, date occurred where known, detecting actor, reporting actor, affected model, affected system, affected agent where any, affected retrieval source, affected embedding store, affected dataset, affected compute workload, affected environment, affected output, affected public-safe material, affected public authority material, affected GRF input, affected GRA input, affected Protocol Authority input, affected dashboard, affected map, affected technical baseline, affected provider material, affected sponsor material, affected community material, affected public claim, and affected dependencies.

8.26.11(c) The AI Incident Register shall identify data affected, evidence affected, confidence effect, uncertainty effect, limitation effect, public-safe effect, privacy effect, cybersecurity effect, sovereign data effect, public authority effect, finance effect, provider effect, sponsor effect, protected knowledge effect, community effect, legal effect, public trust effect, and downstream dependency effect.

8.26.11(d) The AI Incident Register shall identify containment actions, notification decisions, correction actions, model restriction decisions, system restriction decisions, retrieval correction decisions, embedding correction decisions, output withdrawal decisions, retraction decisions, public-safe correction notices, controlled notices, legal review, Board or committee reporting, independent review, residual risk, closeout requirements, closeout date, and archive treatment.

8.26.11(e) The AI Incident Register shall distinguish hallucination incidents, data leakage incidents, unauthorized agent action incidents, unsafe output incidents, bias incidents, discrimination incidents, exclusion incidents, harm incidents, model drift incidents, performance degradation incidents, retrieval leakage incidents, embedding leakage incidents, cross-context contamination incidents, public overclaim incidents, boundary breach incidents, vendor AI incidents, public AI tool misuse incidents, and correction failure incidents.

8.26.11(f) AI Incident Register entries shall be linked, where applicable, to Inference Records, Human Review Records, Model Register entries, System Card entries, Dataset Register entries, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Evidence Register entries, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.26.11(g) AI Incident Register access shall be controlled where entries involve personal information, rights-bearing data, public authority restricted material, cyber-sensitive information, infrastructure-sensitive information, sovereign data, protected knowledge, community-sensitive information, confidential source information, privileged materials, legal sensitivity, finance sensitivity, commercial sensitivity, controlled technology, export-control, sanctions, or other restricted materials.

8.26.11(h) The AI Incident Register shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.26.11(i) The controlling rule shall be that AI Incidents must be registered because institutional memory of model failure, retrieval failure, unsafe output, data exposure, and boundary breach is necessary for correction and trust.

***

8.26.12 Lessons Learned, Policy Update, Training Update, and Technical Control Update.\
8.26.12(a) GCRI Canada shall use AI Incident lessons learned to update policy, methods, training, technical controls, model controls, retrieval controls, embedding controls, agentic controls, public-safe controls, human review controls, boundary controls, incident controls, and correction practices where appropriate.

8.26.12(b) Lessons learned shall identify root causes, including model limitations, dataset defects, retrieval defects, embedding defects, prompt defects, system defects, tool-permission defects, agentic control defects, environment defects, access control defects, logging defects, monitoring defects, public-safe review defects, human review defects, boundary-language defects, training gaps, policy gaps, vendor gaps, sponsor influence risks, provider influence risks, or institutional process gaps.

8.26.12(c) Policy updates may include changes to AI-use rules, Model Register rules, Dataset Card rules, System Card rules, Benchmark Card rules, Retrieval and Embedding Controls, Inference Record rules, Human Review rules, Agentic AI Controls, AI Output Limits, public-safe publication rules, vendor AI processing rules, public AI tool restrictions, data transfer rules, protected knowledge safeguards, and correction rules.

8.26.12(d) Training updates may include training for directors, officers, staff, fellows, advisors, reviewers, repository maintainers, public-safe publication teams, technical teams, public authority interface teams, GRF interface teams, GRA interface teams, Protocol Authority interface teams, provider-facing teams, sponsor-facing teams, host-facing teams, community-facing teams, Academy teams, and other participants using or reviewing AI-supported outputs.

8.26.12(e) Technical control updates may include model restriction, model replacement, retrieval reconfiguration, embedding store deletion or re-indexing, access control changes, tool permission narrowing, agent approval-gate strengthening, sandboxing, monitoring updates, logging updates, prompt-injection controls, data-loss prevention controls, public-safe filters, dashboard controls, map controls, API controls, repository controls, credential controls, and kill-switch testing.

8.26.12(f) Lessons learned shall be translated into Method Register updates, Model Register updates, Dataset Register updates, System Card updates, Benchmark Card updates, Compute Workload Record updates, Output Class Register updates, Publication and Public-Safe Output Register updates, Correction Register updates, Dependency Register updates, and training materials where material.

8.26.12(g) GCRI Canada may produce public-safe assurance summaries of AI Incident lessons learned where doing so strengthens trust without disclosing restricted material, exposing vulnerabilities, revealing personal information, exposing protected knowledge, violating public authority restrictions, creating finance overclaim, creating provider preference, creating sponsor validation, or overstating assurance.

8.26.12(h) Lessons learned shall not be used to conceal prior error, avoid correction, reframe incidents as success, protect sponsors, protect providers, avoid public authority discomfort, preserve finance-facing usefulness, or suppress legitimate challenge.

8.26.12(i) The controlling rule shall be that AI Incident response is incomplete until the institution learns from the incident and updates the policies, training, methods, and technical controls that allowed it to occur.

### 8.27 Model Restriction, Suspension, Retirement, Deprecation, and Archival

8.27.1 Model Restriction Triggers.\
8.27.1(a) GCRI Canada shall restrict a model, model-enabled system, retrieval-enabled model, embedding-enabled model, agentic AI system, simulation model, digital twin model, forecasting model, risk model, classification model, or inference system where continued unrestricted use would create or may create material risk to evidence integrity, public-safe publication, privacy, cybersecurity, sovereign data, protected knowledge, public authority boundaries, finance boundaries, provider neutrality, sponsor non-control, role separation, correctionability, institutional trust, or GCRI Canada’s public-benefit mandate.

8.27.1(b) Restriction triggers may include hallucination risk, unsupported output risk, false citation risk, retrieval weakness, embedding weakness, source-grounding weakness, bias risk, drift risk, unsafe output risk, public-safe failure, privacy risk, cybersecurity risk, sovereign data risk, protected knowledge risk, public authority overclaim risk, finance overclaim risk, provider preference risk, sponsor validation risk, certification implication, recognition implication, protocol implication, procurement implication, or execution implication.

8.27.1(c) Restriction may also be triggered by incomplete model registration, incomplete Model Card, incomplete System Card, incomplete Dataset Card, incomplete Benchmark Card, missing evaluation records, missing inference records, insufficient logging, insufficient monitoring, insufficient human review, overbroad access, unapproved retrieval sources, unapproved embedding stores, unapproved tool use, uncertain vendor terms, uncertain training-use status, uncertain model-improvement status, or unresolved deletion and unlearning limits.

8.27.1(d) Model restriction may limit approved uses, data classes, evidence classes, output classes, audiences, retrieval sources, embedding stores, environments, tool permissions, public-safe uses, public authority uses, finance-facing uses, GRF input uses, GRA input uses, Protocol Authority input uses, provider-facing uses, sponsor-facing uses, community-facing uses, dashboard uses, map uses, API uses, publication uses, or agentic capabilities.

8.27.1(e) Restriction shall be proportionate to risk and may include mandatory human review, mandatory public-safe review, restricted retrieval, disabled memory, disabled tool use, disabled external communication, disabled publication, disabled code execution, restricted prompt classes, restricted input classes, output-class limits, heightened logging, heightened monitoring, controlled-room use only, sandbox use only, internal use only, or prohibition on material use.

8.27.1(f) A model shall not avoid restriction because it is convenient, widely used, provider-promoted, sponsor-supported, embedded in a critical workflow, relied upon in prior outputs, difficult to replace, or reputationally important.

8.27.1(g) Restriction shall not imply that prior outputs are invalid by default, but shall require review of affected outputs where the restriction trigger may have affected evidence meaning, public-safe status, boundary language, confidence, uncertainty, limitations, or downstream dependencies.

8.27.1(h) The controlling rule shall be that models shall be restricted when their permitted use must be narrowed to preserve evidence integrity, public-safe meaning, boundaries, safeguards, and correctionability.

***

8.27.2 Model Suspension Triggers.\
8.27.2(a) GCRI Canada shall suspend a model or model-enabled system where continued use presents unacceptable, unresolved, or insufficiently understood risk pending review, correction, replacement, or retirement.

8.27.2(b) Suspension triggers may include confirmed data leakage, suspected data leakage requiring containment, unauthorized training, unauthorized fine-tuning, unauthorized model improvement, unauthorized embedding, unauthorized retrieval, unauthorized agent action, credential exposure, prompt-injection-driven action, tool misuse, access-control failure, cross-tenant retrieval, cross-program retrieval, cross-entity retrieval, cross-border retrieval, protected knowledge exposure, public authority restricted material exposure, or cyber-sensitive disclosure.

8.27.2(c) Suspension may be required where a model produces repeated hallucinations, repeated false citations, repeated unsafe public-safe outputs, repeated public authority overclaims, repeated finance overclaims, repeated provider-preferential outputs, repeated sponsor-validating outputs, repeated bias or exclusion incidents, repeated misclassifications, repeated boundary breaches, or repeated correction failures.

8.27.2(d) Suspension may also be required where vendor terms change, provider access changes, model version changes, training-use settings change, model-improvement settings change, logging becomes unavailable, deletion rights become uncertain, jurisdiction changes, data residency changes, security posture changes, evaluation fails, public-safe review fails, legal review requires hold, or competent governance determines that continued use would be inconsistent with GCRI Canada’s mandate.

8.27.2(e) Suspension shall identify affected model, version, system, deployment context, workloads, users, retrieval sources, embedding stores, outputs, public-safe materials, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, APIs, technical baselines, provider materials, sponsor materials, community-facing materials, and public claims.

8.27.2(f) Suspension may include disabling model access, disabling API use, disabling retrieval, isolating embedding stores, disabling agentic tools, freezing affected workflows, holding publication, restricting dashboards, restricting maps, quarantining outputs, preserving logs, notifying reviewers, and initiating incident or correction review.

8.27.2(g) Reinstatement after suspension shall require recorded review showing that the suspension trigger has been resolved, residual risk is acceptable, required controls are restored, affected outputs are reviewed, notices have been issued where required, and proper authority has approved reinstatement.

8.27.2(h) The controlling rule shall be that models shall be suspended when continued use before review would risk propagating unsafe evidence, unsafe outputs, unauthorized authority, or institutional harm.

***

8.27.3 Model Retirement Triggers.\
8.27.3(a) GCRI Canada shall retire a model, model version, model-enabled system, retrieval workflow, embedding workflow, agentic workflow, or model deployment where it is no longer suitable for active use within GCRI Canada’s evidence, methods, Verifiable Compute, Verifiable Intelligence, Nexus Truth Engine, Nexus Observatory, public-good software, public-safe publication, or correction architecture.

8.27.3(b) Retirement triggers may include model obsolescence, unsupported version status, provider end-of-life, unacceptable drift, repeated incident history, unresolved bias, unresolved hallucination risk, unresolved security risk, unresolved privacy risk, unresolved sovereign data risk, unresolved protected knowledge risk, unacceptable public-safe risk, unacceptable public authority boundary risk, unacceptable finance-boundary risk, unacceptable provider-neutrality risk, unacceptable sponsor-control risk, or inability to support correctionability.

8.27.3(c) Retirement may also be triggered where a model cannot support adequate logging, adequate monitoring, adequate human review, adequate output review, adequate deletion, adequate unlearning, adequate access controls, adequate retrieval filtering, adequate embedding control, adequate incident response, adequate evaluation, or adequate records-valid use.

8.27.3(d) Retirement may be required where replacement models, replacement systems, replacement methods, replacement datasets, replacement retrieval sources, replacement environments, or non-AI methods provide safer, more evidence-valid, more public-safe, more privacy-preserving, more security-controlled, more sovereignty-compatible, or more correctionable support.

8.27.3(e) Retirement shall identify prohibited future uses, permitted archival uses, affected workflows, affected outputs, affected dependencies, migration path where any, replacement model where any, public-safe notice where required, controlled notice where required, retention treatment, deletion treatment, sealing treatment, legal hold status, and archive treatment.

8.27.3(f) Retirement shall not erase prior model records, incident records, inference records, outputs, review records, correction records, or dependency records except where deletion is legally required or necessary to protect privacy, cybersecurity, protected knowledge, source protection, privilege, or safety.

8.27.3(g) Retirement shall not by itself invalidate all prior outputs, but shall trigger dependency review where the retirement reason may affect prior output reliability, public-safe status, confidence, uncertainty, limitations, boundary language, or downstream use.

8.27.3(h) The controlling rule shall be that models shall be retired when continued active use is no longer compatible with evidence integrity, safeguards, boundaries, or trust.

***

8.27.4 Model Deprecation Notices.\
8.27.4(a) GCRI Canada shall issue or maintain model deprecation notices where a model, model version, model-enabled system, retrieval configuration, embedding configuration, agentic configuration, or deployment context is no longer preferred, is being phased out, is subject to migration, is superseded by a safer or more appropriate alternative, or is approved only for limited transitional use.

8.27.4(b) A deprecation notice shall identify the deprecated model or system, affected version, reason for deprecation, effective date, transition period where any, permitted interim uses, prohibited uses, required controls, replacement model or method where any, affected workflows, affected output classes, affected audiences, dependency review requirements, and archive treatment.

8.27.4(c) Deprecation may be used where immediate suspension is not required but continued unrestricted reliance would be imprudent because of model age, evaluation limits, provider changes, drift concerns, public-safe concerns, data access changes, retrieval-source changes, tool-use changes, legal developments, vendor terms, security posture, or better available alternatives.

8.27.4(d) Deprecated models shall not be used for new high-consequence outputs, public-safe publications, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider-facing materials, sponsor-facing materials, community-facing materials, dashboards, maps, technical baselines, public-good software releases, or public claims unless the deprecation notice expressly permits such use and required review is completed.

8.27.4(e) Deprecation notices shall be communicated to affected users, reviewers, stewards, administrators, repository maintainers, public-safe publication teams, public authority interface teams, GRF interface teams, GRA interface teams, Protocol Authority interface teams, provider-facing teams, sponsor-facing teams, community-facing teams, and other affected actors where appropriate.

8.27.4(f) Deprecation notices shall not be framed as certification, recognition, finance-readiness, public authority approval, provider endorsement, sponsor approval, rating, guarantee, operational clearance, protocol effect, procurement status, or execution readiness of the replacement model.

8.27.4(g) Where a deprecated model continues to be used after the transition period or outside permitted interim use, GCRI Canada shall treat the use as unauthorized unless proper review records a lawful, safe, bounded, and correctionable exception.

8.27.4(h) The controlling rule shall be that deprecation notices preserve continuity while preventing stale or inferior models from quietly remaining authoritative in institutional workflows.

***

8.27.5 Model Archival Records.\
8.27.5(a) GCRI Canada shall maintain Model Archival Records for restricted, suspended, deprecated, retired, withdrawn, prohibited, superseded, or historically material models, model versions, model-enabled systems, retrieval configurations, embedding configurations, agentic configurations, evaluation harnesses, and deployment contexts.

8.27.5(b) Model Archival Records shall identify model title or identifier, version, provider, owner, custodian, steward, release status, deployment context, prior permitted uses, prohibited future uses, restriction history, suspension history, deprecation history, retirement history, incident history, evaluation history, output dependencies, correction history, archive date, retention basis, access class, handling class, sealing status, deletion status, legal hold status, and future retrieval limits.

8.27.5(c) Model Archival Records shall preserve, where lawful and safe, Model Register entries, Model Cards, System Cards, Dataset Cards, Benchmark Cards, Evaluation Harness Records, Inference Records, Human Review Records, agent logs, tool logs, retrieval records, embedding records, Compute Workload Records, public-safe output records, incident records, correction records, and dependency records.

8.27.5(d) Archival shall preserve institutional memory sufficient to explain prior outputs, investigate incidents, correct records, assess dependencies, respond to challenges, support audits, and prevent reintroduction of prohibited or retired models.

8.27.5(e) Model archives shall be access-controlled where they involve vendor-sensitive material, security-sensitive material, personal information, public authority restricted material, sovereign data, protected knowledge, confidential source information, privileged materials, finance-sensitive materials, commercially sensitive materials, controlled technology, export-control sensitivity, sanctions sensitivity, or other restricted materials.

8.27.5(f) Model archival shall not preserve active access, active retrieval, active inference, active deployment, active tool use, active embedding, active publication, active dashboard use, active map use, active API use, or active output generation unless expressly authorized for archival, audit, incident, correction, or legal hold purposes.

8.27.5(g) Model Archival Records shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.27.5(h) The controlling rule shall be that retired or restricted models must remain explainable in archive without remaining active in practice.

***

8.27.6 Treatment of Outputs Produced by Restricted, Suspended, Retired, or Deprecated Models.\
8.27.6(a) GCRI Canada shall review the treatment of outputs produced by restricted, suspended, retired, deprecated, withdrawn, prohibited, or superseded models where the reason for restriction, suspension, retirement, deprecation, withdrawal, prohibition, or supersession may materially affect output reliability, source grounding, confidence, uncertainty, limitations, public-safe status, public authority meaning, finance meaning, provider meaning, sponsor meaning, protected knowledge treatment, or downstream dependency.

8.27.6(b) Prior outputs shall be classified by status, including unaffected, review required, qualified, confidence-downgraded, uncertainty-revised, limitation-revised, access-restricted, public-safe-revised, corrected, superseded, withdrawn, retracted, archived, or prohibited for future use.

8.27.6(c) Outputs shall not be invalidated solely because the model later becomes deprecated or retired, unless the deprecation or retirement reason affects the output’s basis or use.

8.27.6(d) Outputs shall be restricted, corrected, superseded, withdrawn, or retracted where the model defect or lifecycle event shows that the output may contain hallucination, false citation, unsupported inference, bias, unsafe disclosure, boundary overclaim, public authority overclaim, finance overclaim, provider preference, sponsor validation, protected knowledge exposure, or material misclassification.

8.27.6(e) Where outputs remain usable after model restriction, suspension, retirement, or deprecation, they shall carry appropriate limitation statements, model-use context, version context, confidence treatment, uncertainty treatment, supersession status where any, and correction path.

8.27.6(f) Public-safe outputs, dashboards, maps, technical baselines, public authority materials, finance-facing materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, community-facing materials, media materials, and public claims shall receive priority review where affected by a model lifecycle event.

8.27.6(g) Outputs produced by a prohibited model after prohibition, or by a suspended model during suspension without proper exception, shall be treated as unauthorized unless competent review determines a safe, lawful, non-material, or archival basis for retention.

8.27.6(h) The controlling rule shall be that model lifecycle changes must travel downstream because outputs inherit risk from the models that shaped them.

***

8.27.7 Downstream Dependency Review.\
8.27.7(a) GCRI Canada shall conduct downstream dependency review where model restriction, suspension, retirement, deprecation, withdrawal, prohibition, replacement, or archival may affect records, outputs, workflows, interfaces, public materials, controlled materials, or public claims.

8.27.7(b) Dependency review shall identify affected Inference Records, Human Review Records, Model Register entries, System Card entries, Dataset Register entries, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Evidence Register entries, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.27.7(c) Dependency review shall assess whether affected outputs require confidence downgrade, uncertainty revision, limitation revision, source re-check, retrieval re-check, human re-review, public-safe review, boundary review, access restriction, reclassification, correction, supersession, withdrawal, retraction, or notice.

8.27.7(d) Dependency review shall prioritize outputs with public visibility, public authority relevance, finance relevance, GRF relevance, GRA relevance, Protocol Authority relevance, dashboard visibility, map visibility, provider relevance, sponsor relevance, community relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, legal risk, or high downstream reliance.

8.27.7(e) Dependency review shall identify whether model-produced or model-shaped outputs were copied, summarized, translated, embedded, retrieved, quoted, displayed, visualized, published, routed, used in training, used in Academy materials, used in public authority rooms, used in finance-facing rooms, used in provider materials, used in sponsor materials, or used in public claims.

8.27.7(f) Where dependency review cannot identify all affected outputs with certainty, GCRI Canada shall apply protective treatment proportionate to risk, including source notices, query-based searches, repository review, public-safe review, controlled notices, broad restrictions, or public-safe correction notices where appropriate.

8.27.7(g) Dependency review records shall identify review scope, reviewer, model lifecycle event, affected outputs, affected dependencies, findings, corrective actions, notice decisions, residual risk, closeout status, and archive treatment.

8.27.7(h) The controlling rule shall be that model governance is incomplete unless the institution knows where model outputs travelled and what must be corrected when model status changes.

***

8.27.8 Public-Safe Notice Where Public Materials Are Affected.\
8.27.8(a) GCRI Canada shall consider public-safe notice where public materials are affected by model restriction, suspension, retirement, deprecation, withdrawal, prohibition, replacement, incident, or correction.

8.27.8(b) Public materials may include public-safe reports, public dashboards, public maps, public websites, public repositories, technical baseline summaries, public-good software documentation, Academy materials, event materials, media materials, public claims, public-safe correction notices, public authority learning summaries released publicly, GRF-facing public summaries, GRA-facing public summaries, Protocol Authority-facing public summaries, provider-facing public materials, sponsor-facing public materials, and community-facing public materials.

8.27.8(c) Public-safe notice shall be considered where the model lifecycle event materially affects factual accuracy, source grounding, confidence, uncertainty, limitations, public-safe classification, public authority boundary, finance boundary, recognition boundary, certification boundary, protocol boundary, procurement boundary, provider-neutrality boundary, sponsor non-control boundary, protected knowledge treatment, privacy, cybersecurity, sovereign data, or public trust.

8.27.8(d) Public-safe notice may include correction notice, supersession notice, withdrawal notice, retraction notice, limitation update, confidence update, dashboard note, map note, repository notice, release note, public-safe assurance note, or controlled notice where full public detail would be unsafe.

8.27.8(e) Public-safe notices shall avoid disclosing restricted model details, security vulnerabilities, exploit-sensitive information, personal information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, confidential source information, finance-sensitive information, commercially sensitive information, privileged material, controlled technology, export-controlled material, sanctions-sensitive material, or other unsafe content.

8.27.8(f) Public-safe notice shall not overstate assurance, imply certification, imply recognition, imply finance-readiness, imply public authority approval, imply procurement approval, imply provider endorsement, imply sponsor approval, imply protocol effect, imply operational clearance, or imply execution readiness.

8.27.8(g) Where public notice is not safe or legally appropriate, GCRI Canada may issue controlled notice to affected recipients, update public materials silently only where no misleading public reliance exists, restrict access, or withdraw affected materials pending review.

8.27.8(h) The controlling rule shall be that public materials affected by model lifecycle risk require public-safe correction discipline sufficient to preserve trust without creating unsafe disclosure or unauthorized authority.

***

8.27.9 Replacement Model Review.\
8.27.9(a) GCRI Canada shall review any replacement model, replacement model version, replacement model-enabled system, replacement retrieval configuration, replacement embedding configuration, replacement agentic configuration, or replacement deployment context before it replaces a restricted, suspended, retired, deprecated, withdrawn, prohibited, or superseded model.

8.27.9(b) Replacement model review shall identify replacement purpose, permitted uses, prohibited uses, data classes, evidence classes, output classes, audiences, deployment context, provider, version, data access, retrieval sources, embedding stores, tool permissions, training-use status, model-improvement status, evaluation records, benchmark records, human review requirements, output review requirements, access controls, logging, monitoring, incident path, correction path, and retirement path.

8.27.9(c) Replacement model review shall compare the replacement model against the lifecycle reason affecting the prior model, including whether the replacement reduces, preserves, or increases hallucination risk, bias risk, drift risk, privacy risk, cybersecurity risk, sovereign data risk, protected knowledge risk, public authority overclaim risk, finance overclaim risk, provider preference risk, sponsor validation risk, public-safe risk, boundary risk, and correction risk.

8.27.9(d) A replacement model shall not be approved merely because it is newer, more capable, more fluent, more convenient, cheaper, provider-recommended, sponsor-supported, widely adopted, higher-scoring on external benchmarks, or integrated into existing tools.

8.27.9(e) Replacement model approval shall be limited to recorded uses, audiences, output classes, environments, data classes, retrieval sources, embedding stores, and controls. It shall not automatically inherit all permissions of the retired, suspended, or deprecated model.

8.27.9(f) Migration to a replacement model shall require review of affected prompts, retrieval sources, embedding stores, inference records, system cards, model cards, dataset cards, benchmark cards, dashboards, maps, APIs, public-safe outputs, technical baselines, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, community-facing materials, and public claims where material.

8.27.9(g) Replacement model review shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.27.9(h) The controlling rule shall be that replacement is not automatic improvement; every replacement model must be reviewed as a new source of evidence risk, boundary risk, and correction risk.

***

8.27.10 Model Lifecycle Records and Register Updates.\
8.27.10(a) GCRI Canada shall maintain Model Lifecycle Records and update the Model Register for model restriction, suspension, reinstatement, deprecation, retirement, withdrawal, prohibition, supersession, archival, replacement, incident response, output treatment, downstream dependency review, and public-safe notice.

8.27.10(b) Model Lifecycle Records shall identify model title or identifier, model version, provider, owner, custodian, steward, system relationship, deployment context, lifecycle event, event trigger, effective date, approving actor, reviewer, affected uses, affected data classes, affected evidence classes, affected output classes, affected audiences, affected environments, affected retrieval sources, affected embedding stores, affected tool permissions, affected workflows, affected outputs, affected dependencies, and correction path.

8.27.10(c) Lifecycle records shall identify restrictions imposed, suspension conditions, reinstatement conditions, deprecation transition, retirement basis, archive treatment, replacement model where any, prohibited future uses, permitted archival uses, public-safe notice decision, controlled notice decision, legal hold status, retention status, deletion status, sealing status, residual risk, and closeout status.

8.27.10(d) The Model Register shall be updated promptly to reflect lifecycle status, including active, restricted, suspended, reinstated, deprecated, retired, withdrawn, prohibited, superseded, archived, or replacement pending.

8.27.10(e) Model Lifecycle Records shall be linked, where applicable, to Model Cards, System Cards, Dataset Cards, Benchmark Cards, Evaluation Harness Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Evidence Register entries, Method Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, AI Incident Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.27.10(f) Lifecycle records shall not be silently deleted, overwritten, or obscured except where legally required or necessary to protect persons, communities, public authorities, privacy, cybersecurity, protected knowledge, lawful confidentiality, privilege, or safety.

8.27.10(g) Model Lifecycle Records and Model Register updates shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.27.10(h) The controlling rule shall be that model lifecycle governance must be recorded because model status changes are themselves evidence events that affect outputs, dependencies, public-safe meaning, and institutional trust.

### 8.28 Proof Receipts, Anchoring, and Verifiable Records

8.28.1 Proof Receipts as Technical Receipts, Not Authority by Default.\
8.28.1(a) GCRI Canada may use Proof Receipts as technical receipts evidencing that a specified record, artifact, dataset, model record, compute event, software artifact, observability event, Truth Engine event, publication event, correction event, or other evidence-related event existed, was registered, was hashed, was signed, was timestamped, was anchored, was versioned, was reviewed, was superseded, was corrected, or was otherwise recorded at a particular time or within a particular record state.

8.28.1(b) A Proof Receipt shall not create authority by default. No Proof Receipt shall create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, execution consequence, ownership right, contractual obligation, regulatory approval, compliance determination, or public-law status merely because a record is receipted, hashed, signed, timestamped, anchored, or tamper-evident.

8.28.1(c) A Proof Receipt may support evidentiary integrity by helping establish record identity, record existence, record version, custody, sequence, non-repudiation where appropriate, tamper-evidence, dependency history, publication history, correction history, supersession history, withdrawal history, retraction history, archive history, and auditability.

8.28.1(d) A Proof Receipt shall prove only what the Proof Receipt record is competent to prove. Unless expressly and lawfully recorded by a competent actor, a Proof Receipt shall not prove that the underlying content is true, complete, lawful, accurate, unbiased, current, public-safe, privacy-compliant, cybersecurity-safe, sovereign-data-compliant, protected-knowledge-compliant, finance-safe, public-authority-approved, provider-neutral, sponsor-independent, or fit for purpose.

8.28.1(e) Proof Receipts shall not be marketed, displayed, labelled, embedded, cited, reused, or summarized as badges of approval, certificates, seals, ratings, maturity statuses, Nexus-compatible statuses, public authority approvals, finance-readiness signals, procurement qualifications, provider endorsements, sponsor validations, operational clearances, guarantees, or execution permissions.

8.28.1(f) Where a Proof Receipt is at risk of being misread as authority, GCRI Canada shall use controlled vocabulary, boundary language, public-safe explanation, access limits, interface controls, correction notices, or withdrawal of misleading references to preserve the Proof Receipt’s character as a technical receipt.

8.28.1(g) Proof Receipts shall remain challengeable, correctable, supersession-aware, withdrawal-aware, revocation-aware where applicable, retraction-aware where applicable, limitation-aware, and archive-aware.

8.28.1(h) The controlling rule shall be that Proof Receipts support verifiability of records, not authority over the world.

***

8.28.2 Proof Receipts for Evidence, Compute, Model, Dataset, Software, Observatory, or Truth Engine Events.\
8.28.2(a) GCRI Canada may create, maintain, accept, or reference Proof Receipts for evidence, compute, model, dataset, software, Observatory, Truth Engine, Verifiable Intelligence, public-safe publication, controlled-room, correction, supersession, withdrawal, retraction, archive, or interface events.

8.28.2(b) Evidence Proof Receipts may evidence the existence, identity, version, custody, source lineage, method relationship, confidence state, uncertainty state, limitation state, classification, review status, public-safe status, correction status, or dependency relationship of evidence records, Evidence Packs, Decision Packs, technical annexes, public-safe summaries, controlled annexes, datasets, source records, source comparison records, or output records.

8.28.2(c) Compute Proof Receipts may evidence compute workload identity, compute environment identity, input identity, method version, model version, code version, configuration, runtime event, output identity, reviewer status, logging status, attestation status, reproducibility status where applicable, correction status, and archive status.

8.28.2(d) Model Proof Receipts may evidence Model Register entries, Model Cards, System Cards, Dataset Cards, Benchmark Cards, Evaluation Harness Records, Inference Records, Human Review Records, model approvals, restrictions, suspensions, deprecations, retirements, incidents, corrections, and lifecycle changes.

8.28.2(e) Dataset Proof Receipts may evidence dataset identity, source records, provenance, permissions, license status, classification, access controls, data lineage, transformation events, embedding events, retrieval-source status, correction, supersession, withdrawal, retraction, sealing, deletion, archival, and legal hold status.

8.28.2(f) Software Proof Receipts may evidence repository state, commit identity, release identity, package identity, build artifact, dependency state, software bill of materials where applicable, security review, vulnerability review, public-good software release, technical baseline release, API schema, dashboard version, map version, correction patch, rollback, deprecation, or archive state.

8.28.2(g) Observatory and Truth Engine Proof Receipts may evidence observability records, sensor records, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, geospatial records, Earth observation records, digital twin records, dashboard states, map states, source comparison events, confidence changes, uncertainty changes, dispute events, challenge events, public-safe classifications, and correction events.

8.28.2(h) Proof Receipts for events under this section shall be linked to the underlying record and shall not be used as substitutes for the underlying evidence, method, review, classification, limitation, or correction record.

8.28.2(i) The controlling rule shall be that Proof Receipts may evidence that a governed event occurred or a record state existed, but shall not replace the governance that gives the event or record meaning.

***

8.28.3 Anchoring, Hashing, Signing, Timestamping, and Tamper-Evidence.\
8.28.3(a) GCRI Canada may use anchoring, hashing, signing, timestamping, tamper-evident logging, cryptographic attestations, digital signatures, repository signatures, release signatures, notarization services, trusted timestamping, append-only logs, merkle structures, DLT anchoring, or equivalent technical mechanisms to strengthen record integrity where appropriate.

8.28.3(b) Hashing may be used to identify record identity, file integrity, dataset identity, model identity, code identity, output identity, version identity, archive identity, dependency identity, correction identity, or publication identity, provided that hashing shall not establish substantive truth, completeness, lawfulness, accuracy, public-safe status, or fitness for purpose.

8.28.3(c) Signing may be used to identify authorized actors, systems, release authorities, reviewers, custodians, repositories, output versions, correction records, software artifacts, public-safe outputs, or technical baseline records, provided that signing shall not imply certification, recognition, finance-readiness, public authority approval, procurement approval, provider endorsement, sponsor approval, protocol effect, or execution clearance by default.

8.28.3(d) Timestamping may be used to establish that a record, artifact, version, output, correction, supersession, withdrawal, retraction, archive, or proof event existed at or before a stated time, provided that timestamping shall not establish that the record was correct, approved, final, official, public-safe, or authoritative.

8.28.3(e) Tamper-evidence may be used to detect alteration, substitution, deletion, replay, unauthorized modification, chain-of-custody defect, dependency mismatch, or archive inconsistency, provided that tamper-evidence shall not be treated as proof that unchanged content is substantively valid.

8.28.3(f) Anchoring, hashing, signing, timestamping, and tamper-evidence shall be implemented in a manner proportionate to risk and shall consider data class, evidence class, output class, public-safe status, privacy, cybersecurity, sovereign data, public authority restrictions, protected knowledge safeguards, legal sensitivity, export-control sensitivity, sanctions sensitivity, and downstream dependency.

8.28.3(g) Where anchoring, hashing, signing, timestamping, or tamper-evidence reveals inconsistency, corruption, unauthorized modification, missing dependency, environment drift, model drift, data drift, output mismatch, or unreviewed change, GCRI Canada shall review affected records and outputs and route them for correction, restriction, downgrade, supersession, withdrawal, retraction, incident handling, or archive treatment as appropriate.

8.28.3(h) The controlling rule shall be that technical integrity mechanisms strengthen record confidence only when their scope and limits are accurately recorded.

***

8.28.4 Blockchain or DLT Anchoring Without PII or Protected Data.\
8.28.4(a) GCRI Canada may use blockchain, distributed ledger technology, append-only registries, public ledgers, permissioned ledgers, consortium ledgers, merkle anchoring, decentralized timestamping, or equivalent DLT-based mechanisms for Proof Receipts only where such use is lawful, secure, privacy-preserving, public-safe, sovereignty-compatible, and records-valid.

8.28.4(b) Blockchain or DLT anchoring shall not include personal information, rights-bearing data, health-sensitive data, public authority restricted information, cyber-sensitive information, infrastructure-sensitive information, sovereign-sensitive information, finance-sensitive information, community-protected information, Indigenous or protected knowledge, confidential source information, privileged information, credentials, secrets, keys, tokens, controlled technology, export-controlled material, sanctions-sensitive material, or other restricted material unless expressly lawful, safe, authorized, and subject to exceptional review; and the default rule shall be that such material shall not be placed on-chain.

8.28.4(c) GCRI Canada shall prefer anchoring hashes, commitments, receipt identifiers, non-sensitive metadata, merkle roots, or equivalent privacy-preserving technical references rather than anchoring underlying content, sensitive metadata, identifiable relationships, source identities, location details, protected knowledge markers, public authority restricted references, or confidential contextual information.

8.28.4(d) Before using blockchain or DLT anchoring, GCRI Canada shall assess immutability risk, deletion limits, correction limits, unlearning impossibility where relevant, metadata exposure, linkage risk, re-identification risk, jurisdiction, validator or node geography, sanctions risk, export-control risk, public authority restrictions, public-chain visibility, provider dependence, sponsor influence, governance model, operational resilience, and long-term availability.

8.28.4(e) Blockchain or DLT anchoring shall not be used where immutable or broadly visible records would conflict with privacy rights, data-subject rights, public authority restrictions, sovereign data controls, protected knowledge safeguards, community protocols, confidentiality, legal obligations, correctionability, deletion obligations, sealing requirements, safety, or public-benefit purpose.

8.28.4(f) DLT anchoring shall not create tokenization, financial product, tradable asset, securities implication, payment function, licensed market infrastructure, regulated financial infrastructure, ownership claim, public finance claim, procurement status, certification, recognition, protocol effect, or execution consequence by default.

8.28.4(g) Where DLT anchoring is corrected, superseded, revoked, or limited, GCRI Canada shall preserve the distinction between the immutable technical anchor and the corrected institutional record, and shall issue appropriate correction, supersession, revocation, limitation, or public-safe explanation records.

8.28.4(h) The controlling rule shall be that DLT anchoring may strengthen tamper-evidence, but immutable systems must not immortalize sensitive data, unsafe metadata, or uncorrected institutional meaning.

***

8.28.5 Proof Receipt Metadata, Scope, Limits, Owner, Custodian, and Correction Path.\
8.28.5(a) Each material Proof Receipt shall identify metadata, scope, limits, owner, custodian, steward, source record, related artifact, related register entry, authority, permitted use, prohibited use, classification, handling class, public-safe status, and correction path.

8.28.5(b) Proof Receipt metadata may include receipt title or identifier, receipt type, event type, record type, artifact identifier, hash or commitment where applicable, signature where applicable, timestamp, anchoring method, anchoring location, anchoring service, DLT network where applicable, repository reference, version reference, actor or system, issuing function, custodian, steward, related method, related model, related dataset, related compute workload, related output, and dependency links.

8.28.5(c) Proof Receipt scope shall identify exactly what was receipted, including whether the receipt covers record existence, file identity, version state, dataset state, model state, code state, compute event, review event, publication event, correction event, supersession event, withdrawal event, retraction event, archive event, or other event.

8.28.5(d) Proof Receipt limits shall identify what the receipt does not prove, including, where material, that the underlying content is not certified, not recognized, not finance-ready, not public-authority-approved, not procurement-approved, not provider-endorsed, not sponsor-approved, not protocol-effective, not legally determinative, not public-warning, not emergency-command, not operationally cleared, not guaranteed, and not execution-ready by default.

8.28.5(e) Owner and custodian records shall identify the responsible GCRI Canada function or authorized external custodian responsible for maintaining receipt records, preserving access, correcting metadata, managing revocation or supersession, preserving public-safe explanations, and linking receipt records to underlying records.

8.28.5(f) Proof Receipt records shall include correction path, challenge path, supersession path, revocation path where applicable, withdrawal path, retraction path where applicable, archive path, retention status, deletion status where lawful, sealing status, legal hold status, notice path, and dependency review path.

8.28.5(g) Where Proof Receipt metadata, scope, limits, owner, custodian, or correction path are incomplete, ambiguous, stale, unsafe, or inconsistent with underlying records, the receipt shall be held, qualified, corrected, superseded, restricted, or withdrawn from active use as appropriate.

8.28.5(h) The controlling rule shall be that a Proof Receipt is useful only when its metadata says what it proves, what it does not prove, who stewards it, and how it can be corrected.

***

8.28.6 Proof Receipt Revocation, Supersession, or Correction.\
8.28.6(a) GCRI Canada shall maintain revocation, supersession, correction, restriction, withdrawal, retraction where applicable, sealing, and archival pathways for Proof Receipts and related verifiable records.

8.28.6(b) Proof Receipt correction shall be required where receipt metadata, scope, linked record, timestamp reference, hash reference, signature reference, anchoring reference, custodian, owner, classification, public-safe status, boundary language, dependency link, or correction path is inaccurate, incomplete, stale, misleading, overclaimed, unsafe, or inconsistent with the underlying record.

8.28.6(c) Proof Receipt supersession shall be used where a later receipt replaces or updates a prior receipt because of corrected content, new version, changed record state, changed classification, changed public-safe status, changed dependency relationship, changed metadata, changed custody, changed boundary language, changed method, changed model, changed dataset, changed compute event, or changed output status.

8.28.6(d) Proof Receipt revocation or withdrawal shall be used where a receipt was issued in error, issued without authority, linked to the wrong record, linked to an unauthorized record, linked to unsafe content, overclaimed, compromised, misused, corrupted, invalidated by later correction, or no longer fit for active reference.

8.28.6(e) Proof Receipt retraction shall be used where a public Proof Receipt, public receipt summary, or receipt-supported public claim materially misled the public, implied unauthorized authority, exposed unsafe information, or created reliance that cannot be corrected by ordinary supersession.

8.28.6(f) Revocation, supersession, or correction shall not necessarily remove the historical fact that a receipt was issued, but shall update the institutional meaning, permitted use, public-safe status, dependency treatment, and future citation limits of the receipt.

8.28.6(g) Where a Proof Receipt is revoked, superseded, corrected, withdrawn, or retracted, GCRI Canada shall review affected Evidence Register entries, Dataset Register entries, Model Register entries, System Card entries, Benchmark Card entries, Compute Workload Records, Compute Environment Records, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, GRF interface records, GRA interface records, Protocol Authority interface records, public authority records, provider records, sponsor records, host records, Nexus interface records, and public claims records.

8.28.6(h) The controlling rule shall be that Proof Receipts must be correctable because technical proof of the wrong thing can be more harmful than no proof at all.

***

8.28.7 Proof Receipt Interface With Protocol Authority Without Protocol Effect by GCRI Canada by Default.\
8.28.7(a) GCRI Canada may provide, reference, or maintain Proof Receipts as inputs to Nexus Standards / Protocol Authority processes, technical baseline review, conformance-supporting methods, proof-receipt architectures, role-key architectures, smart-license architectures, entitlement-state architectures, schema review, API review, public-good software review, or other protocol-adjacent processes.

8.28.7(b) Proof Receipts interfacing with Protocol Authority shall remain technical receipts, evidence records, method records, compute records, model records, dataset records, software records, observability records, output records, or correction records unless a competent Protocol Authority separately creates protocol effect through its own authority, procedure, record, boundary language, and correction path.

8.28.7(c) GCRI Canada shall not represent Proof Receipts as creating protocol effect, conformance status, certification, Nexus-compatible status, role key, smart license, entitlement state, proof-receipt legal effect, external force, standards approval, technical validity status, or operational clearance by default.

8.28.7(d) Terms such as “proof,” “receipt,” “anchored,” “verified,” “verifiable,” “signed,” “timestamped,” “registered,” “validated,” “conformance-supporting,” “protocol-ready,” “Nexus-compatible,” or similar terms shall be governed by controlled vocabulary and shall not be used to imply Protocol Authority status beyond the proper record.

8.28.7(e) Where a Proof Receipt is used in a Protocol Authority interface, the record shall identify whether the receipt is evidence-supporting, method-supporting, software-supporting, compute-supporting, model-supporting, dataset-supporting, observability-supporting, correction-supporting, conformance-supporting, or protocol-effective through separate Protocol Authority action.

8.28.7(f) Where a Proof Receipt is misused to imply protocol effect by GCRI Canada, GCRI Canada shall correct, relabel, restrict, withdraw, reissue, require removal of misleading references, coordinate with Protocol Authority where appropriate, and review affected dependencies.

8.28.7(g) Proof Receipt interface with Protocol Authority shall preserve GCRI Canada’s non-execution role, public-good stack discipline, legal separateness, role separation, provider neutrality, sponsor non-control, public-safe publication, validity-by-record, and correctionability.

8.28.7(h) The controlling rule shall be that Proof Receipts may support protocol discipline, but GCRI Canada does not create protocol effect by issuing or stewarding them.

***

8.28.8 Proof Receipt Interface With GRF Without Recognition by Default.\
8.28.8(a) GCRI Canada may provide, reference, or maintain Proof Receipts as inputs to The Global Risks Forum (GRF) processes, including claims discipline, evidence support, Docket support, Grid support, maturity-context support, public-safe reporting support, stakeholder formation support, registry support, recognition-supporting analysis, correction support, and public-facing legitimacy support.

8.28.8(b) Proof Receipts interfacing with GRF shall remain technical receipts and evidence-supporting records unless GRF separately creates recognition, standing, maturity record, claims approval, registry status, public-facing legitimacy, stakeholder formation status, or public-safe reporting status through GRF’s own authority, procedure, record, boundary language, and correction path.

8.28.8(c) GCRI Canada shall not represent a Proof Receipt as GRF recognition, GRF standing, GRF maturity, GRF claims approval, public-facing legitimacy, registry status, stakeholder formation, public-safe reporting status, or public claim approval by default.

8.28.8(d) Proof Receipts may support GRF by strengthening traceability of evidence, source lineage, publication state, correction state, dependency state, claim history, maturity-context inputs, and public-safe output history, but shall not decide GRF legitimacy status.

8.28.8(e) Where a Proof Receipt is used in a GRF interface, the record shall identify whether the receipt is evidence-supporting, claim-supporting, Docket-supporting, Grid-supporting, maturity-context-supporting, public-safe-reporting-supporting, recognition-supporting, correction-supporting, or GRF-status-effective through separate GRF action.

8.28.8(f) Where a Proof Receipt is misused to imply GRF recognition by GCRI Canada, GCRI Canada shall correct, relabel, restrict, withdraw, reissue, require removal of misleading references, coordinate with GRF where appropriate, and review affected dependencies.

8.28.8(g) Proof Receipt interface with GRF shall preserve GCRI Canada’s evidence-and-methods role, GRF’s legitimacy and recognition role, public-good stack discipline, legal separateness, role separation, public-safe publication, validity-by-record, and correctionability.

8.28.8(h) The controlling rule shall be that Proof Receipts may support GRF recognition discipline, but GCRI Canada does not create GRF recognition by issuing or stewarding them.

***

8.28.9 Proof Receipt Interface With GRA Without Finance-Readiness by Default.\
8.28.9(a) GCRI Canada may provide, reference, or maintain Proof Receipts as inputs to The Global Risks Alliance (GRA) processes, including Proof Packs, insurance-readiness inputs, capital-reader literacy inputs, RNFD inputs, NFD inputs, UNFSD inputs, Rails handoffs, host readiness evidence, node evidence, resilience evidence, risk evidence, public-safe finance-boundary materials, and correction support.

8.28.9(b) Proof Receipts interfacing with GRA shall remain technical receipts and evidence-supporting records unless GRA or another competent actor separately creates finance-readiness, capital-readiness, insurance-readiness, routeability, capital readability, Proof Pack status, public finance readiness, or other finance-facing status through its own authority, procedure, record, boundary language, and correction path.

8.28.9(c) GCRI Canada shall not represent a Proof Receipt as finance-readiness, capital-readiness, insurance-readiness, investment advice, securities recommendation, brokerage, placement, finder activity, lending decision, underwriting decision, insurance approval, rating, guarantee, public finance approval, bankability, fundability, capital commitment, credit quality, insurance quality, investment quality, or financial suitability by default.

8.28.9(d) Proof Receipts may support GRA by strengthening traceability of evidence, source lineage, compute history, dataset history, model history, benchmark history, observability history, public-safe output history, correction history, and dependency history for finance-facing literacy and discipline, but shall not create financial consequence.

8.28.9(e) Where a Proof Receipt is used in a GRA interface, the record shall identify whether the receipt is evidence-supporting, risk-supporting, resilience-supporting, Proof Pack-supporting, insurance-readiness-input-supporting, capital-reader-literacy-supporting, RNFD-supporting, NFD-supporting, UNFSD-supporting, Rails-handoff-supporting, correction-supporting, or finance-status-effective through separate competent action.

8.28.9(f) Where a Proof Receipt is misused to imply finance-readiness by GCRI Canada, GCRI Canada shall correct, relabel, restrict, withdraw, reissue, require removal of misleading references, coordinate with GRA where appropriate, and review affected dependencies.

8.28.9(g) Proof Receipt interface with GRA shall preserve GCRI Canada’s non-financial role, GRA’s finance-readiness discipline, public-good stack discipline, enterprise-stack separation, legal separateness, role separation, no-advice boundary, no-rating boundary, no-guarantee boundary, public-safe publication, validity-by-record, and correctionability.

8.28.9(h) The controlling rule shall be that Proof Receipts may support finance-facing evidence discipline, but GCRI Canada does not create finance-readiness by issuing or stewarding them.

***

8.28.10 Proof Receipt Records, Registers, and Public-Safe Summaries.\
8.28.10(a) GCRI Canada shall maintain, or cause to be maintained, Proof Receipt Records and, where appropriate, a Proof Receipt Register for material Proof Receipts issued, accepted, referenced, corrected, superseded, revoked, withdrawn, retracted, sealed, archived, or summarized by or on behalf of GCRI Canada.

8.28.10(b) Proof Receipt Records shall identify receipt title or identifier, receipt type, event type, underlying record, artifact, dataset, model, software, compute workload, Observatory event, Truth Engine event, publication event, correction event, issuing actor or system, owner, custodian, steward, timestamp, hash or commitment where applicable, signature where applicable, anchoring method, anchoring location, DLT network where applicable, public-safe status, access class, handling class, permitted use, prohibited use, limitations, correction path, supersession path, revocation path, withdrawal path, retraction path where applicable, archive path, and dependency links.

8.28.10(c) The Proof Receipt Register shall distinguish proposed receipts, issued receipts, internal receipts, controlled receipts, public-safe receipts, Protocol Authority interface receipts, GRF interface receipts, GRA interface receipts, Observatory receipts, Truth Engine receipts, compute receipts, dataset receipts, model receipts, software receipts, publication receipts, correction receipts, superseded receipts, revoked receipts, withdrawn receipts, retracted receipts, sealed receipts, retired receipts, archived receipts, and prohibited receipts.

8.28.10(d) Proof Receipt Records shall be linked, where applicable, to Evidence Register entries, Source Comparison Records, Dataset Register entries, Model Register entries, System Card entries, Benchmark Card entries, Evaluation Harness Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Method Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Output Class Register entries, Publication and Public-Safe Output Register entries, AI Incident Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.28.10(e) Public-Safe Proof Receipt Summaries may be issued where disclosure supports public trust, public-safe learning, technical literacy, correction transparency, GRF interface clarity, GRA interface clarity, Protocol Authority interface clarity, provider-neutrality, sponsor non-control, or Nexus public-good legibility.

8.28.10(f) Public-Safe Proof Receipt Summaries shall not disclose personal information, rights-bearing data, cyber-sensitive information, infrastructure-sensitive information, public authority restricted information, sovereign-sensitive information, protected knowledge, community-sensitive information, confidential source information, privileged material, credentials, secrets, keys, tokens, controlled technology, exploit details, security controls, finance-sensitive information, commercially sensitive information, or unsafe metadata.

8.28.10(g) Public-Safe Proof Receipt Summaries shall state or preserve, where material, what the receipt proves, what it does not prove, the record class, event class, version state, public-safe limitations, boundary language, correction status, supersession status, withdrawal or revocation status where applicable, and permitted use.

8.28.10(h) Proof Receipt Records, Proof Receipt Registers, and Public-Safe Proof Receipt Summaries shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.28.10(i) The controlling rule shall be that Proof Receipts must be registered and summarized only in ways that strengthen verifiable records without converting technical receipt into institutional authority.

### 8.29 Public-Safe Truth Engine, Compute, and AI Outputs

8.29.1 Public-Safe Review Before External Release.\
8.29.1(a) GCRI Canada shall require public-safe review before external release of material Nexus Truth Engine outputs, Verifiable Compute outputs, Verifiable Intelligence outputs, AI outputs, model-supported outputs, inference outputs, dashboards, maps, APIs, datasets, Evidence Packs, Decision Packs, technical notes, public-good software documentation, open technical baseline summaries, Observatory outputs, Risk Management outputs, Rails outputs, Grid inputs, Academy materials, public authority learning materials, GRF-facing materials, GRA-facing materials, Protocol Authority-facing materials, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, media materials, website materials, repository descriptions, event materials, public-safe correction notices, and public claims.

8.29.1(b) Public-safe review shall determine whether the proposed output may be released externally, released only to a controlled audience, released only with redaction, released only with aggregation, released only with generalization, released only with safe-location treatment, released only with boundary language, released only with confidence, uncertainty, and limitation statements, released only through a controlled annex, delayed, withheld, withdrawn, or refused.

8.29.1(c) Public-safe review shall assess data class, evidence class, source lineage, source authority, source permission, lawful basis where applicable, data lineage, method status, model status, compute status, inference status, human review status, confidence, uncertainty, limitations, output class, intended audience, public authority relevance, finance relevance, provider relevance, sponsor relevance, host relevance, community relevance, protected knowledge relevance, privacy risk, cybersecurity risk, sovereign data risk, legal risk, export-control risk, sanctions risk, controlled-technology risk, and downstream dependency.

8.29.1(d) Public-safe review shall not be satisfied merely because an output is polished, short, anonymized in appearance, labelled public-safe, produced by an approved model, produced from an approved dataset, generated in an approved compute environment, supported by a Proof Receipt, reviewed for technical accuracy, requested by a sponsor, requested by a provider, requested by a public authority, useful for finance-facing literacy, or aligned with a preferred public narrative.

8.29.1(e) Public-safe review shall include review of text, figures, tables, titles, headings, labels, scores, confidence displays, uncertainty displays, dashboard colors, map layers, icons, geospatial precision, API fields, metadata, file names, repository paths, captions, social summaries, public authority references, provider references, sponsor acknowledgments, Nexus references, quotation risk, and likely third-party reuse.

8.29.1(f) Public-safe approval shall be limited to the specific output, version, audience, channel, format, boundary language, public-safe status, permitted use, prohibited use, and correction path reviewed. It shall not authorize unrestricted reuse, translation, excerpting, dashboard reuse, map reuse, media reuse, sponsor reuse, provider reuse, finance-facing reuse, public authority use, GRF status use, GRA status use, Protocol Authority status use, or third-party public claims by implication.

8.29.1(g) Where public-safe review cannot be completed at a level proportionate to risk, the output shall remain internal, controlled, draft, restricted, held, withdrawn, or refused for release until adequate review is completed.

8.29.1(h) The controlling rule shall be that no material Truth Engine, compute, or AI output may leave GCRI Canada’s controlled evidence environment unless its public meaning, public risks, public boundaries, and correction path have been reviewed and recorded.

***

8.29.2 Public-Safe Summaries Versus Controlled Annexes.\
8.29.2(a) GCRI Canada shall distinguish public-safe summaries from controlled annexes when preparing Truth Engine outputs, Verifiable Compute outputs, Verifiable Intelligence outputs, AI outputs, Evidence Packs, Decision Packs, dashboards, maps, reports, technical notes, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, Academy materials, public-good software documentation, and public claims.

8.29.2(b) A public-safe summary shall be an externally releasable output that communicates evidence meaning, method meaning, confidence, uncertainty, limitations, public-safe omissions, boundary language, and correction path without disclosing restricted material or creating unauthorized authority.

8.29.2(c) A controlled annex shall be an access-restricted output containing details, source materials, technical records, evidence records, datasets, model records, compute records, inference records, cyber-sensitive information, infrastructure-sensitive information, public authority restricted materials, finance-sensitive materials, protected knowledge materials, confidential materials, or other restricted information that may be reviewed only by authorized recipients under recorded handling conditions.

8.29.2(d) Public-safe summaries may refer to the existence of controlled annexes only where such reference is lawful, safe, accurate, non-misleading, and does not reveal restricted source identities, protected knowledge markers, sensitive locations, public authority restricted information, finance-sensitive information, cybersecurity details, confidential materials, or unsafe metadata.

8.29.2(e) Controlled annexes shall not be released, quoted, summarized, converted into public-safe summaries, embedded in public dashboards, exposed through public APIs, mapped publicly, used in media materials, used in sponsor materials, used in provider materials, used in finance-facing materials, or used in public claims unless reclassified and reviewed through public-safe release controls.

8.29.2(f) Public-safe summaries shall not conceal material uncertainty, erase material limitations, omit relevant conflicts, falsely simplify evidence, overstate confidence, convert controlled-room findings into public authority meaning, convert evidence into finance-readiness, convert benchmark results into rankings, convert Proof Receipts into approval, or convert technical outputs into certification, recognition, protocol effect, procurement preference, provider endorsement, sponsor approval, or execution readiness.

8.29.2(g) Where the underlying evidence is too sensitive, uncertain, incomplete, contested, restricted, or boundary-risk-bearing for public-safe summarization, GCRI Canada may use controlled annex treatment, responsible non-disclosure, delayed release, no-publication treatment, or limited public-safe statement identifying that no public-safe conclusion is available.

8.29.2(h) The controlling rule shall be that public-safe summaries make evidence legible without exposing what must remain controlled, while controlled annexes preserve review depth without becoming public outputs by leakage or implication.

***

8.29.3 Public-Safe Treatment of Personal, Public Authority, Health-Sensitive, Cyber-Sensitive, Infrastructure-Sensitive, Finance-Sensitive, Community-Protected, Indigenous, and Protected Knowledge Data.\
8.29.3(a) GCRI Canada shall apply heightened public-safe treatment to outputs involving personal information, rights-bearing data, public authority materials, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, sovereign data, finance-sensitive data, commercially sensitive data, community-protected data, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, traditional ecological knowledge, sensitive-site information, protected knowledge, confidential source information, privileged materials, controlled technology, export-controlled material, sanctions-sensitive material, or other restricted materials.

8.29.3(b) Personal information and rights-bearing data shall not be released externally unless lawful, authorized, necessary, proportionate, public-safe, and consistent with privacy, data rights, dignity, re-identification, inference, retaliation, accessibility, and correction requirements.

8.29.3(c) Public authority materials shall be released only in a manner consistent with public authority capacity classification, official or non-official status, data-sharing authority, public authority restrictions, agency reference controls, non-delegation language, non-endorsement language, non-regulatory language, non-procurement language, non-funding language, non-public-finance language, non-warning language, non-emergency-command language, confidence, uncertainty, limitations, and correction path.

8.29.3(d) Health-sensitive, cyber-sensitive, and infrastructure-sensitive materials shall be reviewed to prevent disclosure of identifiable health context, inferred health status, system vulnerabilities, exploit details, credentials, security controls, incident details, infrastructure topology, critical dependencies, degraded-mode details, operational weaknesses, sensitive geographies, unsafe telemetry, or other information capable of increasing harm.

8.29.3(e) Finance-sensitive materials shall be reviewed to prevent investment advice, ratings, guarantees, finance-readiness implication, insurance approval implication, lending implication, underwriting implication, public finance approval implication, capital commitment implication, bankability implication, fundability implication, provider market advantage, sponsor validation, or improper capital-reader reliance.

8.29.3(f) Community-protected, Indigenous, local, territorial, cultural, environmental, and protected knowledge materials shall be reviewed to preserve authority, consent or non-consent where applicable, community protocols, Indigenous protocols where applicable, cultural context, territorial context, relationship, attribution, non-extraction, source protection, sensitive-site protection, protected knowledge restrictions, withdrawal or challenge pathways where applicable, and do-no-harm controls.

8.29.3(g) Where restricted data can support public learning only through transformation, GCRI Canada may use redaction, aggregation, generalization, safe-location treatment, abstraction, delayed release, controlled annexes, public-safe summaries, responsible non-disclosure, or no-publication treatment.

8.29.3(h) Public-safe treatment shall not be used to sanitize unlawful, unauthorized, biased, unsafe, incomplete, or overclaimed evidence into public release. If the underlying material cannot support safe public meaning, the output shall remain controlled, be corrected, be withdrawn, or not be published.

8.29.3(i) The controlling rule shall be that sensitive data may inform public-good learning only where the public output protects people, communities, public authorities, systems, sovereignty, confidentiality, protected knowledge, and trust.

***

8.29.4 Public-Safe Treatment of AI Limitations, Model Uncertainty, Confidence Scores, and Evidence Gaps.\
8.29.4(a) GCRI Canada shall ensure that public-safe Truth Engine, compute, and AI outputs identify AI limitations, model uncertainty, confidence treatment, evidence gaps, assumptions, proxies, inference chains, source limitations, data limitations, method limitations, compute limitations, retrieval limitations, embedding limitations, benchmark limitations, dashboard limitations, map limitations, API limitations, and downstream-use limitations where material.

8.29.4(b) Public-safe outputs shall avoid false precision, including unsupported numerical certainty, misleading rankings, unexplained scores, overconfident labels, dashboard color overstatement, map symbol overstatement, benchmark overstatement, risk indicator overstatement, resilience indicator overstatement, maturity-context overstatement, readiness-context overstatement, or AI-generated conclusions that appear more exact than the evidence record supports.

8.29.4(c) Confidence scores, confidence bands, labels, traffic-light displays, rankings, maturity-context signals, resilience indicators, readiness-context signals, benchmark results, and model-generated classifications shall be explained in public-safe language sufficient to prevent interpretation as certification, recognition, finance-readiness, rating, public authority decision, procurement approval, provider endorsement, sponsor approval, protocol effect, public warning, emergency command, operational clearance, or execution readiness.

8.29.4(d) Uncertainty shall be paired with confidence where material. Public-safe outputs shall not state confidence without identifying material uncertainty, and shall not state uncertainty in a manner that conceals what is known, what is unknown, what is contested, what is missing, and what cannot safely be disclosed.

8.29.4(e) Evidence gaps shall be disclosed or responsibly explained where omission would mislead, including gaps caused by missing data, inaccessible records, community non-consent, Indigenous protocol, public authority restriction, privacy restriction, cybersecurity restriction, sovereign data restriction, protected knowledge restriction, source protection, legal restriction, or public-safe omission.

8.29.4(f) AI limitations shall identify, where material, hallucination risk, source omission risk, retrieval error risk, embedding error risk, bias risk, drift risk, translation risk, summarization risk, context collapse risk, false association risk, model-update risk, vendor-risk, prompt-injection risk, tool-use risk, and human-review limits.

8.29.4(g) Where limitations, uncertainty, confidence, or evidence gaps cannot be explained publicly without unsafe disclosure, GCRI Canada may use general limitation language, public-safe caveats, controlled annex references, restricted briefings, or responsible non-disclosure, provided that the public output is not misleading.

8.29.4(h) The controlling rule shall be that public-safe outputs must help audiences understand not only what the institution knows, but how it knows, how strongly it knows, what it cannot say, and why the output must not be overread.

***

8.29.5 Public-Safe Maps, Dashboards, Reports, Technical Notes, APIs, and Datasets.\
8.29.5(a) GCRI Canada shall apply public-safe controls to maps, dashboards, reports, technical notes, APIs, datasets, data visualizations, scorecards, public-good software documentation, open technical baseline summaries, Observatory outputs, Truth Engine outputs, Verifiable Compute outputs, Verifiable Intelligence outputs, model evaluation summaries, benchmark summaries, and public-safe correction notices.

8.29.5(b) Public-safe maps shall be reviewed for geospatial precision, sensitive-site exposure, infrastructure exposure, community identifiability, protected knowledge exposure, public authority implication, public warning implication, emergency-command implication, security risk, safe-location treatment, aggregation, masking, generalization, labels, legends, color scales, symbols, captions, metadata, download functions, API exposure, screenshots, and reuse risk.

8.29.5(c) Public-safe dashboards shall be reviewed for scores, labels, indicators, colors, filters, drill-down functions, exports, APIs, time-series interpretation, confidence display, uncertainty display, stale-data treatment, correction status, public warning implication, public authority implication, finance implication, provider preference, sponsor validation, and public claim risk.

8.29.5(d) Public-safe reports and technical notes shall be reviewed for source lineage, citability, limitation statements, controlled vocabulary, public authority references, finance references, provider references, sponsor acknowledgments, Nexus interface references, benchmark framing, Proof Receipt framing, AI-use disclosure where appropriate, confidence, uncertainty, public-safe omissions, permitted use, prohibited use, and correction path.

8.29.5(e) Public-safe APIs shall be reviewed for field names, schema meaning, access controls, rate limits where appropriate, authentication where appropriate, output classification, sensitive-field exclusion, geospatial precision, metadata exposure, caching, downstream reuse, terms of use, public-safe boundary language, correction propagation, versioning, deprecation, and abuse detection.

8.29.5(f) Public-safe datasets shall be reviewed for de-identification, aggregation, redaction, generalization, safe-location treatment, re-identification risk, inference risk, sensitive metadata, public authority restrictions, sovereign data restrictions, protected knowledge restrictions, source protection, licensing, permitted use, prohibited use, dataset limitations, correction path, and withdrawal path.

8.29.5(g) Public-safe maps, dashboards, reports, technical notes, APIs, and datasets shall not be designed or presented as public warnings, public authority tools, procurement tools, finance tools, provider-ranking tools, sponsor-validation tools, certification tools, recognition tools, protocol-effect tools, operational-command tools, or execution tools unless a competent separate actor has lawfully created such status through its own record; and GCRI Canada shall not create such status by default.

8.29.5(h) Where any public-safe technical output becomes stale, inaccurate, unsafe, overclaimed, misclassified, misused, or superseded, GCRI Canada shall correct, relabel, reclassify, restrict, version, supersede, withdraw, retract, deprecate, archive, or issue notice as appropriate.

8.29.5(i) The controlling rule shall be that public-safe technical outputs must be safe not only in their underlying data, but in their interface, visualization, labels, access patterns, downstream reuse, and public meaning.

***

8.29.6 Public-Safe Boundary Language for No Public Warning, No Authority, No Certification, No Finance, No Procurement, and No Endorsement.\
8.29.6(a) GCRI Canada shall include public-safe boundary language in Truth Engine, compute, AI, Verifiable Intelligence, public-good software, open technical baseline, Observatory, dashboard, map, API, dataset, report, technical note, public authority learning, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, Academy, media, repository, and public claim outputs where needed to prevent overclaim or unauthorized reliance.

8.29.6(b) Boundary language shall state or preserve, where material, that the output is evidence-supporting, learning-supporting, method-supporting, observability-supporting, public-safe, or technical in nature and does not constitute public warning, emergency command, public authority decision, regulatory approval, procurement approval, funding approval, public finance approval, certification, recognition, maturity record, standing, claims approval, protocol effect, conformance determination, Nexus-compatible status, finance-readiness, investment advice, rating, guarantee, provider endorsement, sponsor approval, host approval, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence.

8.29.6(c) Boundary language shall be specific to the relevant risk. Public authority materials shall include public authority boundary language; finance-facing materials shall include finance-boundary language; GRF-facing materials shall include recognition-boundary language; GRA-facing materials shall include finance-readiness-boundary language; Protocol Authority-facing materials shall include protocol-boundary language; provider-facing and sponsor-facing materials shall include neutrality and non-control language; warning-adjacent materials shall include no-public-warning and no-emergency-command language.

8.29.6(d) Boundary language shall not be generic boilerplate where generic language would be insufficient to prevent foreseeable misuse. It shall be placed where reasonably visible in the output, including cover pages, dashboard legends, map captions, API documentation, dataset notes, public-safe summaries, technical notes, repository descriptions, release notes, and correction notices as appropriate.

8.29.6(e) Boundary language shall not be used to cure an output that is substantively unsafe, misleading, unsupported, overclaimed, privacy-invasive, cyber-sensitive, public-authority-inflating, finance-inflating, provider-preferential, sponsor-validating, protected-knowledge-exposing, or otherwise unfit for public release.

8.29.6(f) Where public-safe outputs are excerpted, translated, localized, summarized, embedded, cited, displayed in dashboards, displayed in maps, exposed through APIs, reused by sponsors, reused by providers, reused by public authorities, reused by media, reused by capital readers, or reused by third parties, GCRI Canada shall seek to preserve boundary language through versioning, metadata, terms of use, citation guidance, public-safe notices, or correction requests.

8.29.6(g) Where boundary language is omitted, weakened, removed, mistranslated, contradicted, or rendered ineffective, GCRI Canada shall correct, relabel, restrict, reissue, withdraw, retract, or notify affected interfaces as appropriate.

8.29.6(h) The controlling rule shall be that public-safe outputs must carry the boundaries necessary to prevent evidence from being mistaken for authority.

***

8.29.7 Public-Safe Corrections, Retractions, Withdrawals, and Supersessions.\
8.29.7(a) GCRI Canada shall maintain public-safe correction, retraction, withdrawal, restriction, relabeling, reclassification, supersession, deprecation, archive, and reissue pathways for public-safe Truth Engine, compute, AI, Verifiable Intelligence, Observatory, dashboard, map, API, dataset, report, technical note, public-good software, technical baseline, Academy, public authority learning, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, media, and public claim outputs.

8.29.7(b) Public-safe correction shall be required where an output is inaccurate, incomplete, misleading, stale, misclassified, overclaimed, source-defective, data-defective, method-defective, model-defective, compute-defective, inference-defective, confidence-defective, uncertainty-defective, limitation-defective, public-safe defective, public authority-defective, finance-boundary defective, provider-neutrality defective, sponsor-control defective, protected-knowledge defective, privacy-defective, cyber-defective, sovereign-data-defective, or no longer fit for purpose.

8.29.7(c) Public-safe supersession shall be used where a later output replaces a prior public-safe output because of new evidence, corrected evidence, changed method, changed dataset, changed model, changed compute, changed inference, changed confidence, changed uncertainty, changed limitations, changed classification, changed public-safe status, changed boundary language, changed public authority context, changed finance context, changed provider context, changed sponsor context, or changed dependency status.

8.29.7(d) Public-safe withdrawal shall be used where an output should no longer be used or relied upon but does not require a full public retraction, including where uncertainty, classification, legal review, privacy review, cybersecurity review, sovereign data review, protected knowledge review, or public-safe review requires removal from active use.

8.29.7(e) Public-safe retraction shall be used where a public output or public claim was materially wrong, unsupported, unsafe, authority-inflating, finance-inflating, procurement-inflating, provider-preferential, sponsor-validating, privacy-invasive, security-sensitive, community-harming, protected-knowledge-infringing, or inconsistent with GCRI Canada’s public-benefit duties.

8.29.7(f) Public-safe correction notices shall identify, where appropriate, the affected output, prior version, corrected version, correction basis, effective date, scope of change, continuing limitations, revised confidence, revised uncertainty, revised public-safe status, revised boundary language, permitted use, prohibited use, affected dependencies, and archive link to prior versions, while avoiding unsafe disclosure.

8.29.7(g) Corrections, retractions, withdrawals, and supersessions shall not be delayed or avoided because correction may be reputationally uncomfortable, sponsor-sensitive, provider-sensitive, public authority-sensitive, finance-sensitive, media-sensitive, program-disruptive, technically burdensome, or inconvenient.

8.29.7(h) The controlling rule shall be that public-safe outputs remain trustworthy only where the public record can be corrected, superseded, withdrawn, or retracted without hiding what changed.

***

8.29.8 Public-Safe Output Register.\
8.29.8(a) GCRI Canada shall maintain, or cause to be maintained, a Public-Safe Output Register for material public-safe Truth Engine, compute, AI, Verifiable Intelligence, Observatory, dashboard, map, API, dataset, report, technical note, public-good software, technical baseline, Academy, public authority learning, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, media, event, repository, website, and public claim outputs.

8.29.8(b) The Public-Safe Output Register shall identify output title or identifier, output type, output class, owner, custodian, steward, source records, dataset records, method records, model records where applicable, compute records where applicable, inference records where applicable, human review records, public-safe review records, version, release date, channel, intended audience, public-safe status, access status, publication status, confidence, uncertainty, limitations, public-safe omissions, boundary language, permitted use, prohibited use, correction path, supersession path, withdrawal path, retraction path where applicable, archive path, and dependency links.

8.29.8(c) The Public-Safe Output Register shall distinguish proposed public-safe outputs, approved public-safe outputs, released public-safe outputs, controlled-public outputs, public authority learning outputs, GRF-facing public-safe outputs, GRA-facing public-safe outputs, Protocol Authority-facing public-safe outputs, Observatory public-safe outputs, dashboard outputs, map outputs, API outputs, dataset outputs, technical baseline summaries, public-good software outputs, Academy outputs, corrected outputs, superseded outputs, withdrawn outputs, retracted outputs, restricted outputs, deprecated outputs, archived outputs, and prohibited outputs.

8.29.8(d) Register entries shall identify where the output is displayed, published, hosted, mirrored, cited, embedded, API-exposed, dashboard-exposed, map-exposed, repository-exposed, socialized, included in event materials, included in sponsor materials, included in provider materials, included in public authority materials, included in GRF materials, included in GRA materials, included in Protocol Authority materials, or otherwise made available externally.

8.29.8(e) The Public-Safe Output Register shall be linked, where applicable, to Evidence Register entries, Source Comparison Records, Dataset Register entries, Model Register entries, System Card entries, Benchmark Card entries, Evaluation Harness Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Method Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Output Class Register entries, Proof Receipt Records, AI Incident Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.29.8(f) The Public-Safe Output Register shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.29.8(g) Where a public-safe output is corrected, superseded, withdrawn, retracted, restricted, deprecated, archived, or discovered to be misused, the Public-Safe Output Register shall be updated promptly and affected dependencies shall be reviewed.

8.29.8(h) The controlling rule shall be that public-safe outputs must be registered because externally released evidence must remain findable, versioned, bounded, monitored, and correctable.

***

8.29.9 Public-Safe Output Monitoring and Misuse Detection.\
8.29.9(a) GCRI Canada shall monitor material public-safe outputs for misuse, overclaim, stale use, unauthorized reuse, boundary-language removal, public authority implication, finance implication, certification implication, recognition implication, protocol implication, procurement implication, provider preference, sponsor validation, public warning implication, emergency-command implication, protected knowledge exposure, privacy risk, cybersecurity risk, sovereign data risk, and public trust risk.

8.29.9(b) Monitoring may include review of public websites, repositories, dashboards, maps, APIs, media references, sponsor materials, provider materials, public authority materials, GRF materials, GRA materials, Protocol Authority materials, event materials, social summaries, citations, third-party summaries, downloadable files, API logs, dashboard logs, map logs, and public claims where lawful and proportionate.

8.29.9(c) Misuse may include quoting public-safe outputs without limitations, removing boundary language, converting confidence scores into ratings, converting benchmark results into rankings, converting Proof Receipts into approval, converting public authority participation into endorsement, converting GRA inputs into finance-readiness, converting GRF inputs into recognition, converting Protocol Authority inputs into protocol effect, converting technical notes into certification, or converting dashboards and maps into public warnings.

8.29.9(d) Misuse may also include unauthorized translation, misleading excerpting, stale citation, use of superseded versions, use of withdrawn materials, reuse of retracted claims, scraping of public APIs beyond permitted use, re-identification attempts, geospatial misuse, protected knowledge extraction, source exposure, provider marketing misuse, sponsor marketing misuse, or public authority overstatement.

8.29.9(e) Where misuse is detected or reasonably suspected, GCRI Canada shall assess severity, audience, reliance, affected outputs, affected boundaries, public visibility, data exposure, public authority effect, finance effect, provider effect, sponsor effect, community effect, protected knowledge effect, legal effect, and downstream dependencies.

8.29.9(f) Corrective action may include direct correction request, public-safe clarification, controlled notice, repository correction, dashboard notice, map notice, API restriction, terms-of-use enforcement, removal request, sponsor correction, provider correction, public authority interface clarification, GRF interface clarification, GRA interface clarification, Protocol Authority interface clarification, withdrawal, retraction, access restriction, interface suspension, contract remedy, or legal action where appropriate.

8.29.9(g) Monitoring shall not be used for retaliation, improper surveillance, political targeting, community targeting, labor control, sponsor comfort, provider comfort, suppression of good-faith criticism, or avoidance of public accountability.

8.29.9(h) The controlling rule shall be that public-safe release is not the end of responsibility; GCRI Canada must monitor whether public outputs are being turned into unsafe meaning.

***

8.29.10 Public-Safe Output Assurance.\
8.29.10(a) GCRI Canada shall maintain public-safe output assurance practices to test whether public-safe Truth Engine, compute, AI, Verifiable Intelligence, Observatory, dashboard, map, API, dataset, report, technical note, public-good software, technical baseline, Academy, public authority learning, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, media, and public claim outputs remain accurate, bounded, public-safe, limitation-aware, correctionable, and consistent with GCRI Canada’s mandate.

8.29.10(b) Public-safe output assurance may include sampling of released outputs, review of public-safe review records, source-lineage checks, citation checks, confidence and uncertainty checks, limitation checks, boundary-language checks, dashboard checks, map checks, API checks, dataset checks, metadata checks, translation checks, accessibility checks, public authority boundary checks, finance-boundary checks, provider-neutrality checks, sponsor non-control checks, protected knowledge checks, privacy checks, cybersecurity checks, sovereign data checks, and correction-path checks.

8.29.10(c) Assurance shall prioritize high-visibility outputs, high-consequence outputs, public authority-relevant outputs, finance-relevant outputs, GRF-relevant outputs, GRA-relevant outputs, Protocol Authority-relevant outputs, dashboards, maps, APIs, datasets, benchmark summaries, Proof Receipt summaries, AI-generated summaries, provider-relevant outputs, sponsor-relevant outputs, community-facing outputs, protected knowledge-relevant outputs, corrected outputs, disputed outputs, superseded outputs, and outputs with significant downstream dependencies.

8.29.10(d) Public-safe output assurance findings may require correction, supersession, withdrawal, retraction, relabeling, revised boundary language, revised confidence treatment, revised uncertainty treatment, revised limitation statements, dashboard revision, map revision, API revision, dataset revision, repository revision, publication update, public-safe correction notice, controlled notice, access restriction, training update, method update, model update, retrieval update, output-class update, or Board or committee reporting where material.

8.29.10(e) GCRI Canada may produce public-safe assurance summaries describing review scope, review period, output categories reviewed, correction posture, public-safe publication posture, boundary posture, model-use posture, dashboard posture, map posture, API posture, dataset posture, material improvement priorities, and corrective action progress, provided that assurance is not overstated and restricted details are not disclosed.

8.29.10(f) Public-safe output assurance shall not be represented as certification, recognition, finance-readiness, investment advice, public authority approval, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning authority, emergency-command authority, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution readiness.

8.29.10(g) Where assurance identifies systemic public-safe weakness, GCRI Canada shall update public-safe review procedures, controlled vocabulary, model controls, retrieval controls, dataset controls, dashboard controls, map controls, API controls, publication controls, human review training, boundary language, correction procedures, and governance reporting as appropriate.

8.29.10(h) The controlling rule shall be that public-safe output assurance exists to keep external outputs trustworthy over time, not to certify them as final, official, financial, authoritative, or executable.

### 8.30 Interfaces With Nexus Observatory

8.30.1 Truth Engine and Observatory Evidence Interfaces.\
8.30.1(a) GCRI Canada may maintain interfaces between the Nexus Truth Engine and the Nexus Observatory for the purpose of supporting evidence integrity, source comparison, observability, confidence treatment, uncertainty treatment, public-safe outputs, technical learning, public authority learning, correction, and Nexus-wide public-good intelligence within GCRI Canada’s non-executing mandate.

8.30.1(b) Truth Engine and Observatory interfaces may connect evidence records, source records, observability records, sensor records, AI-RAN records, O-RAN records, private wireless records, DePIN telemetry records, cyber records, geospatial records, Earth observation records, satellite records, digital twin records, dashboard records, map records, public authority context records, community context records, provider records, sponsor records, host records, university or laboratory records, public-safe outputs, controlled annexes, Evidence Packs, Decision Packs, and correction records.

8.30.1(c) The Truth Engine may support Observatory interfaces by providing source comparison logic, corroboration logic, contradiction logic, dispute handling, confidence scoring, uncertainty treatment, limitation treatment, inference records, model records, dataset records, compute records, public-safe classification, and correction pathways.

8.30.1(d) The Nexus Observatory may support Truth Engine interfaces by providing observability evidence, signal context, node context, hub context, cluster context, hotspot context, regional cluster context, national dense core context, degraded-mode context, resilience indicators, continuity indicators, geospatial layers, dashboard states, map states, sensor-state records, public authority context, community context, and field-observation context.

8.30.1(e) Interfaces under this section shall preserve source lineage, data lineage, method versioning, model governance, compute workload records, output class controls, public-safe status, access class, handling class, confidence, uncertainty, limitations, dependency links, and correction paths.

8.30.1(f) Truth Engine and Observatory interfaces shall not create public warning, emergency command, infrastructure operation, surveillance authority, public authority decision, procurement approval, finance-readiness, recognition, certification, protocol effect, provider endorsement, sponsor approval, rating, guarantee, operational clearance, legal status, market authority, or execution consequence by default.

8.30.1(g) Where a Truth Engine or Observatory interface is at risk of being misread as live operational control, public warning, emergency-management system, infrastructure command, public authority system, provider-performance ranking, sponsor validation, or execution platform, GCRI Canada shall relabel, restrict, redesign, reclassify, suspend, or refuse the interface or output.

8.30.1(h) The controlling rule shall be that Truth Engine and Observatory interfaces may strengthen public-good observability and evidence meaning, but they shall not convert GCRI Canada into an operator, public authority, warning issuer, or execution actor.

***

8.30.2 Compute Workload Records for Observatory Data.\
8.30.2(a) GCRI Canada shall maintain, or cause to be maintained, Compute Workload Records for material compute involving Nexus Observatory data, Observatory outputs, Observatory dashboards, Observatory maps, Observatory models, Observatory digital twins, Observatory simulations, Observatory APIs, Observatory public-safe summaries, and Observatory controlled annexes.

8.30.2(b) Compute Workload Records for Observatory data shall identify workload title or identifier, purpose, owner, custodian, steward, data inputs, data sources, source lineage, observability source, dataset records, model records, method records, environment, jurisdiction, compute location, provider where any, public authority status, community status, protected knowledge status, public-safe status, access class, handling class, confidence effect, uncertainty effect, limitation effect, and correction path.

8.30.2(c) Observatory compute workloads may include sensor fusion, AI-RAN signal processing, O-RAN signal processing, private wireless signal processing, DePIN telemetry processing, cyber log analysis, geospatial analysis, Earth observation processing, satellite data processing, digital twin simulation, anomaly detection, degraded-mode analysis, resilience indicator generation, node analysis, hub analysis, cluster analysis, hotspot analysis, regional cluster analysis, national dense core analysis, dashboard generation, map generation, public-safe summarization, and correction review.

8.30.2(d) Material Observatory compute shall identify whether data are raw, processed, derived, inferred, model-generated, sensor-generated, public authority-supplied, community-supplied, provider-supplied, sponsor-supplied, host-supplied, university-supplied, satellite-derived, digital twin-derived, or public-safe summarized.

8.30.2(e) Compute Workload Records shall identify permissions, lawful basis where applicable, public authority restrictions, privacy restrictions, cybersecurity restrictions, sovereign data restrictions, community restrictions, Indigenous or protected knowledge restrictions, provider-use limits, sponsor-use limits, publication limits, transfer limits, retention status, deletion status, sealing status, archive status, and dependency links.

8.30.2(f) Observatory compute shall not be treated as valid merely because data are real-time, high-volume, machine-generated, geospatially precise, sensor-derived, dashboard-visible, public authority-relevant, provider-supplied, sponsor-supported, cryptographically logged, or technically sophisticated.

8.30.2(g) Where a material Observatory compute workload lacks adequate source lineage, permission, classification, environment authority, review, public-safe status, or correction path, GCRI Canada shall hold, restrict, rerun, reclassify, correct, exclude, or refuse the workload before material output use.

8.30.2(h) The controlling rule shall be that Observatory data may become decision-grade evidence only through recorded, permissioned, scoped, reviewed, safeguarded, public-safe, and correctionable compute.

***

8.30.3 AI-RAN, Sensor, DePIN, Cyber, Geospatial, Digital Twin, and Dashboard Outputs.\
8.30.3(a) GCRI Canada may support AI-RAN, O-RAN, private wireless, sensor, reference sensor, DePIN, cyber, geospatial, Earth observation, satellite, digital twin, simulation, dashboard, map, API, and observability outputs through Nexus Observatory interfaces, provided such outputs remain evidence-supporting, public-safe where externally released, and non-executing by default.

8.30.3(b) AI-RAN, O-RAN, and private wireless outputs shall identify signal source, network context, device or node context where safe and material, timestamp, location or safe-location treatment, calibration where applicable, operator context where any, provider context where any, public authority context where any, signal confidence, uncertainty, limitations, spoof risk, outage risk, degraded-mode status, and correction path.

8.30.3(c) Sensor and reference sensor outputs shall identify sensor identity where safe, sensor class, calibration status, custody, placement context, timestamp, location or safe-location treatment, sampling method, measurement limitations, data quality, missing data, failure mode, confidence, uncertainty, and correction path.

8.30.3(d) DePIN telemetry outputs shall identify telemetry source, node type, network role where safe, custody, validator or contributor status where material, data quality, tamper risk, incentive risk, provider risk, sponsor risk, timestamp, geography, confidence, uncertainty, limitations, and correction path.

8.30.3(e) Cyber outputs shall identify log source, system context where safe, cyber-sensitive classification, vulnerability sensitivity, exploit sensitivity, credential sensitivity, incident-adjacent status, public-safe disclosure status, confidence, uncertainty, limitations, and correction path.

8.30.3(f) Geospatial, Earth observation, satellite, and map outputs shall identify data source, spatial resolution, temporal resolution, processing method, projection treatment where material, safe-location treatment, sensitive-site treatment, infrastructure-sensitive treatment, community-identifiability treatment, public-safe status, confidence, uncertainty, limitations, and correction path.

8.30.3(g) Digital twin and simulation outputs shall identify model purpose, scenario, assumptions, input data, calibration status, validation status, sensitivity analysis where material, uncertainty propagation, limitations, public-safe status, and correction path.

8.30.3(h) Dashboard outputs shall identify data source, update cadence, stale-data treatment, indicator meaning, score meaning where any, color meaning where any, confidence display, uncertainty display, limitation display, public-safe status, no-public-warning status, public authority boundary, finance boundary, provider-neutrality boundary, sponsor non-control boundary, and correction path.

8.30.3(i) Outputs under this section shall not create public warning, emergency command, infrastructure operation, public authority decision, procurement approval, finance-readiness, recognition, certification, protocol effect, provider endorsement, sponsor approval, rating, guarantee, operational clearance, legal status, market authority, or execution consequence by default.

8.30.3(j) The controlling rule shall be that Observatory technical outputs are evidence artifacts whose meaning depends on source, method, context, confidence, uncertainty, safeguards, public-safe status, and correction path.

***

8.30.4 Observatory Node, Hub, Cluster, Hotspot, Regional Cluster, and National Dense Core Evidence Flows.\
8.30.4(a) GCRI Canada may support evidence flows relating to Observatory nodes, hubs, clusters, hotspots, regional clusters, national dense Nexus cores, cross-border regions, corridor contexts, infrastructure contexts, public authority contexts, community contexts, and technology-domain contexts.

8.30.4(b) Node evidence flows shall identify the relevant observability node, source records, data classes, evidence classes, public-safe status, public authority context, community context, provider context, sponsor context, host context, system context, confidence, uncertainty, limitations, and correction path.

8.30.4(c) Hub evidence flows shall identify how multiple nodes, datasets, sensors, public authority contexts, community contexts, providers, hosts, universities, or Nexus interfaces relate within a recorded hub context without creating legal merger, public authority delegation, provider preference, sponsor control, or execution authority.

8.30.4(d) Cluster evidence flows shall identify the basis for treating records, signals, places, technologies, systems, risks, actors, or outputs as clustered, including whether clustering is geographic, technical, operational, ecological, institutional, public authority-facing, community-facing, risk-based, resilience-based, or evidence-based.

8.30.4(e) Hotspot evidence flows shall identify the evidence basis, source confidence, uncertainty, temporal limits, spatial limits, public-safe limits, dashboard or map treatment, public warning boundary, emergency command boundary, public authority boundary, and correction path for any hotspot designation, label, visualization, or public-safe summary.

8.30.4(f) Regional cluster and national dense core evidence flows shall identify regional or national context, public authority context, sovereign data context, community context, infrastructure context, technology context, host context, provider context, sponsor context, capital-reader context where any, and Nexus interface context, while preserving legal separateness and non-execution.

8.30.4(g) Evidence flows under this section shall not imply official geographic designation, public authority classification, public warning, emergency zone, procurement area, investment zone, certified cluster, recognized status, protocol status, provider market, sponsor territory, or execution mandate by default.

8.30.4(h) Where Observatory node, hub, cluster, hotspot, regional cluster, or national dense core language is used publicly, GCRI Canada shall apply controlled vocabulary, public-safe explanation, confidence, uncertainty, limitations, boundary language, and correction path sufficient to prevent overclaim.

8.30.4(i) The controlling rule shall be that Observatory spatial and network concepts are evidence-organizing constructs, not public authority designations, financial zones, certified markets, warning areas, or execution instructions by default.

***

8.30.5 Observatory Source Comparison and Confidence Logic.\
8.30.5(a) GCRI Canada may apply Truth Engine source comparison and confidence logic to Observatory sources, including sensors, reference sensors, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, geospatial data, Earth observation, satellite data, digital twins, simulations, operator observations, field observations, public authority context, community context, university or laboratory outputs, provider systems, sponsor-supplied data, host data, and historical records.

8.30.5(b) Source comparison shall assess source independence, source authority, source reliability, source timeliness, source permission, source bias, source completeness, source custody, calibration where applicable, location integrity, timestamp integrity, processing history, public-safe status, and correction history.

8.30.5(c) Observatory confidence logic shall consider source quality, corroboration, independence, calibration, timeliness, completeness, reproducibility where appropriate, review status, model evaluation, signal quality, spoof risk, tamper risk, cyber risk, geospatial precision, digital twin validation, provider influence, sponsor influence, public authority context, community context, and known limitations.

8.30.5(d) Confidence shall be paired with uncertainty. Observatory outputs shall identify material measurement uncertainty, model uncertainty, source uncertainty, temporal uncertainty, spatial uncertainty, statistical uncertainty, operational uncertainty, public authority uncertainty, community uncertainty, protected knowledge uncertainty, legal uncertainty, and interpretive uncertainty where applicable.

8.30.5(e) Conflicting Observatory sources shall not be automatically reconciled by AI or dashboard logic. Contradiction shall be treated as an evidence event requiring review, qualification, downgrade, dispute handling, source re-check, correction, or controlled-room treatment where appropriate.

8.30.5(f) Missing, stale, spoofed, tampered, corrupted, incomplete, contested, or synthetic Observatory sources shall trigger confidence downgrade, uncertainty notation, limitation statements, review, restriction, or correction proportionate to risk.

8.30.5(g) Confidence scores, indicators, labels, dashboard colors, hotspot markers, cluster markers, degraded-mode indicators, resilience indicators, or public-safe summaries shall not be used as ratings, certifications, public warnings, emergency commands, public authority decisions, procurement signals, finance-readiness signals, provider rankings, sponsor validations, protocol effects, or execution signals by default.

8.30.5(h) The controlling rule shall be that Observatory confidence is evidence-quality context, not authority, rating, warning, finance signal, certification, or execution instruction.

***

8.30.6 Observatory Public-Safe Output Controls.\
8.30.6(a) GCRI Canada shall apply public-safe output controls to material Nexus Observatory outputs before external release, including dashboards, maps, reports, technical notes, APIs, datasets, public-safe summaries, Academy materials, public authority learning outputs, GRF-facing outputs, GRA-facing outputs, Protocol Authority-facing outputs, provider-facing outputs, sponsor-facing outputs, host-facing outputs, community-facing outputs, media materials, repository materials, website materials, and public claims.

8.30.6(b) Public-safe review shall assess whether Observatory outputs disclose or enable misuse of personal information, rights-bearing data, public authority restricted information, cyber-sensitive information, infrastructure-sensitive information, sovereign data, finance-sensitive information, community-protected information, Indigenous or protected knowledge, confidential source information, sensitive locations, critical infrastructure details, security telemetry, exploit details, degraded-mode vulnerabilities, credentials, secrets, keys, tokens, controlled technology, export-controlled material, or unsafe metadata.

8.30.6(c) Observatory public-safe outputs shall be reviewed for public warning implication, emergency-command implication, public authority implication, finance implication, procurement implication, certification implication, recognition implication, protocol implication, provider preference, sponsor validation, infrastructure-operation implication, and execution implication.

8.30.6(d) Maps and dashboards shall be reviewed for geospatial precision, drill-down functions, export functions, API exposure, color scales, icons, labels, alerts, hotspot markers, cluster markers, confidence displays, uncertainty displays, timestamps, stale-data indicators, source descriptions, boundary language, and correction status.

8.30.6(e) Where full Observatory evidence cannot be publicly released without unsafe disclosure, GCRI Canada may use aggregation, generalization, safe-location treatment, redaction, delayed release, controlled annexes, controlled-room review, public-safe summaries, responsible non-disclosure, or no-publication treatment.

8.30.6(f) Observatory outputs released externally shall include or preserve, where material, confidence, uncertainty, limitations, public-safe omissions, responsible non-disclosure basis, permitted use, prohibited use, no-public-warning language, no-public-authority language, no-finance language, no-procurement language, no-certification language, no-recognition language, no-protocol-effect language, no-endorsement language, and correction path.

8.30.6(g) Public-safe approval for an Observatory output shall be limited to the specific output, version, audience, channel, dashboard state, map state, API version, dataset version, boundary language, and correction path reviewed.

8.30.6(h) The controlling rule shall be that Observatory outputs must be safe not only in what they reveal, but in what audiences may think the revealed information authorizes.

***

8.30.7 Observatory Data Sovereignty, Privacy, Cybersecurity, Public Authority, Community, and Protected Knowledge Controls.\
8.30.7(a) GCRI Canada shall apply data sovereignty, privacy, cybersecurity, public authority, community, Indigenous, protected knowledge, legal, export-control, sanctions, controlled-technology, provider-neutrality, sponsor non-control, and public-safe controls to material Observatory data and Observatory interfaces.

8.30.7(b) Sovereign data controls shall identify data residency, localization, cross-border transfer status, compute-to-data requirements, public authority data zones, Indigenous data considerations, community data safeguards, national data infrastructure requirements, jurisdictional access limits, cloud-region limits, support-access limits, backup location, archive location, and deletion or sealing obligations.

8.30.7(c) Privacy controls shall identify personal information status, rights-bearing data status, re-identification risk, inference risk, location privacy, household or small-group identifiability, vulnerable-person exposure, metadata exposure, purpose limitation, minimization, access restrictions, retention, deletion, redaction, aggregation, and public-safe treatment.

8.30.7(d) Cybersecurity controls shall identify cyber-sensitive data, infrastructure-sensitive data, security telemetry, vulnerability-sensitive information, exploit-sensitive information, credential exposure risk, repository risk, API risk, dashboard risk, map risk, access controls, monitoring, logging, incident handling, and public-safe cyber disclosure controls.

8.30.7(e) Public authority controls shall identify public authority source, capacity classification, official or non-official status, data-sharing authority, access restrictions, publication restrictions, agency reference controls, non-delegation language, non-endorsement language, non-regulatory language, non-procurement language, non-funding language, non-public-finance language, non-warning language, non-emergency-command language, and correction path.

8.30.7(f) Community and Indigenous controls shall identify community protocol, Indigenous protocol where applicable, consent or non-consent where applicable, territorial context, cultural context, environmental knowledge context, sensitive-site treatment, protected knowledge restrictions, public-safe mapping limits, source protection, withdrawal or challenge pathway where applicable, and do-no-harm controls.

8.30.7(g) Provider and sponsor controls shall identify provider-supplied data, sponsor-supplied data, host-supplied data, benchmark context, validation-sprint context, conflict status, influence controls, permitted uses, prohibited uses, publication limits, provider-neutrality language, sponsor non-control language, and correction path.

8.30.7(h) Where controls under this section are incomplete, stale, untested, failed, or no longer proportionate to risk, GCRI Canada shall hold, restrict, reclassify, secure, correct, suspend, withdraw, or refuse affected Observatory data, workflows, dashboards, maps, APIs, outputs, or interfaces.

8.30.7(i) The controlling rule shall be that observability cannot be public-good observability unless it protects people, communities, public authorities, systems, sovereignty, knowledge, security, and trust.

***

8.30.8 Observatory Incident and Correction Signals.\
8.30.8(a) GCRI Canada shall maintain pathways for Observatory incident and correction signals where Nexus Observatory data, systems, dashboards, maps, APIs, models, sensors, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber records, geospatial records, digital twin outputs, public-safe outputs, or interface records are inaccurate, unsafe, stale, misclassified, disputed, overclaimed, corrupted, spoofed, tampered with, inaccessible, incomplete, or no longer fit for purpose.

8.30.8(b) Observatory incident signals may include sensor failure, calibration failure, timestamp mismatch, location mismatch, signal spoofing, telemetry tampering, cyber log corruption, unauthorized access, data leakage, dashboard error, map error, API error, model drift, digital twin mismatch, false hotspot, false cluster, stale indicator, public-safe output defect, public authority boundary breach, finance-boundary breach, provider-preference risk, sponsor-validation risk, protected knowledge exposure, community harm risk, or public warning implication.

8.30.8(c) Correction signals may include source correction, dataset correction, model correction, method correction, compute correction, inference correction, confidence change, uncertainty change, limitation change, geospatial correction, dashboard revision, map revision, API revision, public-safe reclassification, output supersession, output withdrawal, output retraction, dependency correction, or notice requirement.

8.30.8(d) Observatory incident and correction signals shall be routed to the appropriate evidence, method, model, dataset, compute, inference, public-safe, privacy, cybersecurity, public authority, safeguards, finance-boundary, provider-neutrality, sponsor non-control, legal, and governance review pathways.

8.30.8(e) Where an Observatory incident affects public-facing dashboards, maps, reports, APIs, datasets, technical notes, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, community-facing materials, media materials, or public claims, GCRI Canada shall conduct downstream dependency review and determine whether correction, restriction, supersession, withdrawal, retraction, public-safe notice, controlled notice, or interface suspension is required.

8.30.8(f) Observatory incident and correction signals shall not be suppressed because they may be reputationally uncomfortable, sponsor-sensitive, provider-sensitive, public authority-sensitive, finance-sensitive, media-sensitive, technically burdensome, program-disruptive, or inconvenient.

8.30.8(g) Incident and correction signals shall not themselves create public warnings, emergency commands, public authority decisions, finance-readiness, recognition, certification, protocol effect, procurement consequences, provider penalties, sponsor findings, operational commands, or execution consequences by default.

8.30.8(h) The controlling rule shall be that Observatory interfaces must be able to signal error and correction quickly without becoming the authority that acts on the signal.

***

8.30.9 Observatory Interface Records.\
8.30.9(a) GCRI Canada shall maintain, or cause to be maintained, Observatory Interface Records for material interfaces between GCRI Canada systems, Nexus Truth Engine systems, Verifiable Compute systems, Verifiable Intelligence systems, Nexus Observatory systems, dashboards, maps, APIs, datasets, public authority rooms, GRF interfaces, GRA interfaces, Protocol Authority interfaces, provider interfaces, sponsor interfaces, host interfaces, community interfaces, and Nexus interface records.

8.30.9(b) Observatory Interface Records shall identify interface title or identifier, purpose, owner, custodian, steward, source systems, receiving systems, source data, output data, data classes, evidence classes, public-safe status, access class, handling class, public authority status, community status, protected knowledge status, provider status, sponsor status, jurisdiction, transfer status, compute records, model records, dataset records, method records, inference records where applicable, dashboard records, map records, API records, and correction path.

8.30.9(c) Interface Records shall identify permitted flows, prohibited flows, approved users, approved systems, prohibited users, prohibited systems, approved output classes, prohibited output classes, approved audiences, prohibited audiences, retrieval permissions, embedding permissions, API permissions, export permissions, publication permissions, logging requirements, monitoring requirements, retention treatment, deletion treatment, sealing treatment, archive treatment, and incident path.

8.30.9(d) Interface Records shall identify boundary language and role separation, including GCRI Canada’s evidence-and-methods role, Observatory evidence role, GRF recognition boundary, GRA finance boundary, Protocol Authority boundary, public authority boundary, provider-neutrality boundary, sponsor non-control boundary, public warning boundary, infrastructure-operation boundary, and non-execution boundary.

8.30.9(e) Interface Records shall be reviewed on schedule and upon material change, including new source, new dataset, new model, new compute environment, new dashboard, new map, new API, new output class, new audience, new public authority use, new finance-facing use, new GRF use, new GRA use, new Protocol Authority use, new provider use, new sponsor use, new community use, new protected knowledge concern, new incident, new correction, or new downstream dependency.

8.30.9(f) Where an Observatory interface is unauthorized, misclassified, insecure, unlogged, unreviewed, stale, overbroad, public-safe defective, public authority defective, finance-boundary defective, provider-neutrality defective, sponsor-control defective, protected-knowledge defective, or no longer fit for purpose, GCRI Canada shall restrict, reclassify, correct, suspend, retire, or refuse the interface.

8.30.9(g) Observatory Interface Records shall be linked, where applicable, to Evidence Register entries, Source Comparison Records, Dataset Register entries, Model Register entries, System Card entries, Benchmark Card entries, Evaluation Harness Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Method Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Output Class Register entries, Proof Receipt Records, AI Incident Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.30.9(h) Observatory Interface Records shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.30.9(i) The controlling rule shall be that Observatory interfaces must be recorded because observability evidence becomes trustworthy only when its flows, systems, audiences, boundaries, and correction paths are visible.

***

8.30.10 No Infrastructure Operation or Public Warning by GCRI Canada Through Observatory Interface.\
8.30.10(a) GCRI Canada shall not become an infrastructure operator, telecommunications operator, AI-RAN operator, O-RAN operator, private wireless operator, DePIN operator, cyber operator, geospatial infrastructure operator, Earth observation operator, digital twin operator, sensor network operator, dashboard command operator, emergency-management operator, public warning issuer, public authority, regulator, procurement actor, finance actor, certification body, recognition body, Protocol Authority, provider, sponsor, host, National Company, Project SPV, or execution actor through any Nexus Observatory interface by default.

8.30.10(b) Observatory interfaces, dashboards, maps, indicators, hotspots, node records, hub records, cluster records, regional cluster records, national dense core records, AI-RAN signals, O-RAN signals, DePIN telemetry, cyber records, geospatial records, digital twin outputs, resilience indicators, degraded-mode indicators, or public-safe summaries shall not constitute infrastructure operation, operational control, incident command, public warning, emergency command, regulatory action, public authority decision, procurement decision, finance-readiness, certification, recognition, protocol effect, provider endorsement, sponsor approval, rating, guarantee, operational clearance, legal status, market authority, or execution consequence by default.

8.30.10(c) GCRI Canada may support evidence, methods, observability logic, technical baselines, public-good software, public-safe interpretation, public authority learning, GRF inputs, GRA inputs, Protocol Authority support, Rails handoffs, Grid inputs, Academy materials, and correction records through Observatory interfaces, but shall not direct infrastructure action, operate infrastructure, command emergency response, issue public alerts, regulate providers, allocate procurement, approve projects, finance projects, or execute deployments.

8.30.10(d) Public authority actors, infrastructure operators, providers, hosts, National Companies, Project SPVs, emergency-management actors, regulators, procurement actors, finance actors, and other downstream actors remain responsible for their own decisions, operations, authorities, systems, duties, liabilities, and records.

8.30.10(e) Where an Observatory interface is used by a competent downstream actor within its own lawful process, such use shall remain the downstream actor’s own use and shall not be attributed to GCRI Canada as public authority, operational control, finance action, procurement action, certification, recognition, protocol effect, warning, command, or execution.

8.30.10(f) Observatory outputs shall include boundary language where material to state that GCRI Canada outputs are evidence-supporting, observability-supporting, learning-supporting, public-safe, and correctionable, and are not public warnings, emergency commands, public authority decisions, infrastructure commands, procurement approvals, finance-readiness determinations, certifications, recognitions, protocol effects, provider endorsements, sponsor approvals, or execution instructions.

8.30.10(g) Where any person misuses an Observatory interface or output to imply infrastructure operation, public warning, emergency command, public authority meaning, finance-readiness, certification, recognition, protocol effect, procurement approval, provider endorsement, sponsor approval, operational clearance, or execution consequence by GCRI Canada, GCRI Canada shall correct, relabel, restrict, withdraw, reissue, require removal of misleading references, notify affected interfaces where appropriate, suspend the interface where required, or pursue contract or legal remedies where appropriate.

8.30.10(h) The controlling rule shall be that the Nexus Observatory may make systems more observable, but observability is not operation, warning, command, approval, finance, certification, recognition, protocol effect, or execution.

### 8.31 Interfaces With GRF, GRA, and Protocol Authority

8.31.1 Truth Engine Inputs to GRF.\
8.31.1(a) GCRI Canada may provide Nexus Truth Engine inputs to The Global Risks Forum (GRF) for claims discipline, evidence support, Docket support, Grid support, maturity-context support, public-safe reporting support, stakeholder formation support, registry support, recognition-supporting analysis, public-facing legitimacy support, correction support, and public-good learning, provided that such inputs remain within GCRI Canada’s evidence, methods, observability, ontology, Verifiable Compute, Verifiable Intelligence, public-safe publication, and correction mandate.

8.31.1(b) Truth Engine inputs to GRF may include source comparison records, evidence records, confidence records, uncertainty records, limitation statements, dispute records, challenge records, correction records, Evidence Packs, Decision Packs, public-safe summaries, controlled annexes, observability records, AI-supported analyses, compute records, dataset records, model records, system records, benchmark records, Proof Receipt Records, and dependency records.

8.31.1(c) Truth Engine inputs to GRF shall identify, where material, source lineage, data lineage, method version, ontology terms, controlled vocabulary terms, model use, compute workload, human review status, output class, access class, handling class, public-safe status, confidence, uncertainty, limitations, permitted use, prohibited use, correction path, supersession path, withdrawal path, retraction path where applicable, and dependency links.

8.31.1(d) Truth Engine inputs to GRF shall not constitute GRF recognition, GRF standing, GRF maturity record, GRF claims approval, GRF registry status, GRF public-facing legitimacy, GRF stakeholder formation status, GRF public-safe reporting status, or GRF decision by GCRI Canada.

8.31.1(e) GRF may use GCRI Canada Truth Engine inputs only within GRF’s own authority, procedures, records, review controls, boundary language, claims-discipline rules, maturity-record rules, public-safe publication rules, recognition rules where applicable, and correction paths.

8.31.1(f) Where Truth Engine inputs are prepared for GRF, GCRI Canada shall preserve the distinction between evidence support and recognition authority. Terms such as “recognized,” “standing,” “maturity,” “validated,” “verified,” “approved,” “listed,” “registered,” “public-safe,” “claims-approved,” or similar status-like terms shall not be used beyond the record and shall not imply GRF action unless GRF has separately acted through proper authority.

8.31.1(g) Where a GRF-facing Truth Engine input is corrected, restricted, superseded, withdrawn, retracted, or materially reclassified, GCRI Canada shall notify or signal the relevant GRF interface where appropriate and review affected GRF-facing dependencies.

8.31.1(h) The controlling rule shall be that Truth Engine inputs may support GRF’s legitimacy and claims-discipline role, but GCRI Canada does not perform GRF recognition by providing evidence.

***

8.31.2 Truth Engine Inputs to GRA.\
8.31.2(a) GCRI Canada may provide Nexus Truth Engine inputs to The Global Risks Alliance (GRA) for risk evidence, resilience evidence, host readiness evidence, node evidence, Proof Pack support, insurance-readiness input support, capital-reader literacy support, RNFD input support, NFD input support, UNFSD input support, Rails handoff support, public-safe finance-boundary support, and correction support, provided that such inputs remain within GCRI Canada’s non-financial, non-advisory, non-rating, non-guaranteeing, evidence-and-methods mandate.

8.31.2(b) Truth Engine inputs to GRA may include Evidence Packs, Decision Packs, source comparison records, confidence records, uncertainty records, limitation statements, observability records, compute records, dataset records, model records, benchmark records, system records, Verifiable Intelligence records, Proof Receipt Records, public-safe summaries, controlled annexes, correction records, dependency records, and public-safe boundary-language materials.

8.31.2(c) Truth Engine inputs to GRA shall identify, where material, evidence class, data class, risk domain, resilience context, host context, node context, public-safe status, finance-safe status, public authority status, provider status, sponsor status, confidence, uncertainty, limitations, no-advice boundary, no-rating boundary, no-guarantee boundary, no-public-finance-approval boundary, permitted use, prohibited use, correction path, and dependency links.

8.31.2(d) Truth Engine inputs to GRA shall not constitute finance-readiness, capital-readiness, insurance-readiness, investment advice, securities recommendation, brokerage, placement, finder activity, lending decision, underwriting decision, insurance approval, rating, guarantee, public finance approval, bankability, fundability, capital commitment, credit quality, insurance quality, investment quality, financial suitability, or GRA decision by GCRI Canada.

8.31.2(e) GRA may use GCRI Canada Truth Engine inputs only within GRA’s own authority, procedures, records, finance-boundary controls, risk and resilience interpretation rules, Proof Pack rules where applicable, capital-reader literacy controls, public-safe controls, and correction paths.

8.31.2(f) Where Truth Engine inputs are prepared for GRA, GCRI Canada shall preserve the distinction between evidence support and finance-facing consequence. Terms such as “finance-ready,” “capital-ready,” “bankable,” “fundable,” “insured,” “underwritten,” “rated,” “guaranteed,” “approved,” “investment-ready,” “creditworthy,” or similar finance-status language shall not be used beyond recorded authority.

8.31.2(g) Where a GRA-facing Truth Engine input is corrected, restricted, superseded, withdrawn, retracted, or materially reclassified, GCRI Canada shall notify or signal the relevant GRA interface where appropriate and review affected finance-facing dependencies.

8.31.2(h) The controlling rule shall be that Truth Engine inputs may support GRA’s finance-boundary evidence discipline, but GCRI Canada does not create finance-readiness by providing evidence.

***

8.31.3 Truth Engine Inputs to Nexus Standards / Protocol Authority.\
8.31.3(a) GCRI Canada may provide Nexus Truth Engine inputs to Nexus Standards / Protocol Authority for evidence support, method support, ontology support, controlled vocabulary support, schema support, API support, technical baseline support, public-good software support, benchmark support, conformance-supporting analysis, proof-receipt architecture support, correction support, and public-safe protocol-adjacent learning.

8.31.3(b) Truth Engine inputs to Nexus Standards / Protocol Authority may include method records, source comparison records, evidence records, dataset records, model records, system records, benchmark records, evaluation harness records, compute records, inference records, Proof Receipt Records, observability records, ontology records, controlled vocabulary records, public-good software records, open technical baseline records, API schema records, dashboard records, map records, correction records, and dependency records.

8.31.3(c) Truth Engine inputs to Protocol Authority shall identify, where material, method version, schema version, ontology term, controlled vocabulary term, software version, API version, benchmark conditions, model version, dataset version, compute workload, output class, public-safe status, confidence, uncertainty, limitations, review status, permitted use, prohibited use, correction path, supersession path, withdrawal path, retraction path where applicable, and dependency links.

8.31.3(d) Truth Engine inputs to Protocol Authority shall not constitute protocol effect, certification, conformance determination, standards approval, Nexus-compatible status, role key, smart license, entitlement state, proof-receipt legal effect, external force, technical validity status, operational clearance, legal status, public authority decision, procurement approval, provider approval, sponsor approval, or execution authority by GCRI Canada.

8.31.3(e) Nexus Standards / Protocol Authority may use GCRI Canada Truth Engine inputs only within its own authority, procedures, records, protocol-effect rules, conformance rules, standards rules, technical baseline rules, controlled vocabulary rules, software release rules, proof-receipt rules, boundary language, and correction paths.

8.31.3(f) Where Truth Engine inputs are prepared for Protocol Authority, GCRI Canada shall preserve the distinction between technical evidence support and protocol consequence. Terms such as “verified,” “validated,” “conformant,” “certified,” “Nexus-compatible,” “protocol-ready,” “approved,” “role-keyed,” “licensed,” “entitled,” or similar protocol-status language shall not be used beyond recorded authority.

8.31.3(g) Where a Protocol Authority-facing Truth Engine input is corrected, restricted, superseded, withdrawn, retracted, or materially reclassified, GCRI Canada shall notify or signal the relevant Protocol Authority interface where appropriate and review affected protocol-facing dependencies.

8.31.3(h) The controlling rule shall be that Truth Engine inputs may support standards and protocol discipline, but GCRI Canada does not create protocol effect by providing evidence, methods, software, or proof receipts.

***

8.31.4 Verifiable Compute Records for GRF, GRA, and Protocol Authority Inputs.\
8.31.4(a) GCRI Canada shall maintain Verifiable Compute Records for material compute supporting GRF inputs, GRA inputs, and Protocol Authority inputs where compute materially affects evidence meaning, confidence, uncertainty, limitations, public-safe status, finance-boundary meaning, recognition-boundary meaning, protocol-boundary meaning, technical baseline meaning, benchmark meaning, dashboard meaning, map meaning, public claims, or downstream dependency.

8.31.4(b) Verifiable Compute Records for GRF, GRA, and Protocol Authority inputs shall identify workload title or identifier, purpose, owner, custodian, steward, requesting interface, receiving interface, source records, dataset records, model records, method records, code records, environment records, provider where any, jurisdiction, compute location, input classification, output classification, public-safe status, access class, handling class, confidence effect, uncertainty effect, limitation effect, boundary effect, review status, and correction path.

8.31.4(c) Compute supporting GRF inputs shall identify whether compute affects claims discipline, maturity-context evidence, Docket support, Grid support, public-safe reporting support, recognition-supporting analysis, stakeholder formation support, registry support, or correction support, and shall preserve the no-recognition-by-GCRI-Canada boundary.

8.31.4(d) Compute supporting GRA inputs shall identify whether compute affects risk evidence, resilience evidence, Proof Pack support, host readiness evidence, node evidence, finance-safe summaries, capital-reader literacy, RNFD input, NFD input, UNFSD input, insurance-readiness input support, or correction support, and shall preserve the no-finance-readiness-by-GCRI-Canada boundary.

8.31.4(e) Compute supporting Protocol Authority inputs shall identify whether compute affects method support, technical baseline support, conformance-supporting analysis, benchmark support, software support, schema support, API support, proof-receipt support, or correction support, and shall preserve the no-protocol-effect-by-GCRI-Canada boundary.

8.31.4(f) Verifiable Compute Records shall identify whether compute occurred in public cloud, private cloud, sovereign cloud, secure enclave, confidential computing environment, compute-to-data environment, air-gapped environment, controlled room, clean room, data room, university environment, public authority environment, provider environment, sponsor-supported environment, or other approved environment.

8.31.4(g) Where compute records are incomplete, stale, unreviewed, insecure, misclassified, cross-border defective, public-safe defective, finance-boundary defective, recognition-boundary defective, protocol-boundary defective, or correction-defective, GCRI Canada shall hold, restrict, rerun, qualify, correct, supersede, withdraw, or refuse affected interface inputs as appropriate.

8.31.4(h) The controlling rule shall be that GRF, GRA, and Protocol Authority inputs are only as strong as the compute records that explain how evidence-supporting outputs were produced.

***

8.31.5 Model, Dataset, System, and Benchmark Records for GRF, GRA, and Protocol Authority Inputs.\
8.31.5(a) GCRI Canada shall maintain Model, Dataset, System, and Benchmark Records for material GRF inputs, GRA inputs, and Protocol Authority inputs where models, datasets, systems, or benchmarks materially shape evidence meaning, public-safe status, interface meaning, boundary language, confidence, uncertainty, limitations, technical baselines, Proof Packs, Dockets, Grid inputs, dashboards, maps, APIs, public claims, or downstream dependencies.

8.31.5(b) Model Records shall identify model identity, model version, provider, purpose, permitted uses, prohibited uses, data access, retrieval sources, embedding stores, evaluation status, incident history, restriction status, human review requirements, output review requirements, public-safe status, interface compatibility, boundary limits, and correction path.

8.31.5(c) Dataset Records shall identify dataset identity, source, provenance, owner where known, custodian, steward, license, permissions, consent or non-consent treatment where applicable, data class, evidence class, public authority status, personal information status, health-sensitive status, cyber-sensitive status, infrastructure-sensitive status, sovereign data status, community-protected status, protected knowledge status, finance-sensitive status, export-control status, quality, limitations, permitted use, prohibited use, and correction path.

8.31.5(d) System Records shall identify system purpose, architecture, components, data flows, model flows, human roles, access controls, security controls, privacy controls, AI controls, public authority controls, finance-boundary controls, recognition-boundary controls, protocol-boundary controls, provider-neutrality controls, sponsor non-control controls, monitoring, incident history, change logs, and correction path.

8.31.5(e) Benchmark Records shall identify benchmark purpose, scope, dataset, method, conditions, metrics, limitations, bias treatment, failure modes, reproducibility status, negative tests, adversarial tests, edge cases, provider involvement, sponsor involvement, public authority observation where any, public-safe status, permitted claims, prohibited claims, and correction path.

8.31.5(f) Records under this section shall identify whether their use supports GRF claims discipline without recognition, GRA finance-boundary evidence without finance-readiness, or Protocol Authority methods without protocol effect.

8.31.5(g) Where model, dataset, system, or benchmark records are incomplete, stale, unreviewed, misclassified, unsafe, overclaimed, incident-affected, restriction-affected, or inconsistent with interface use, GCRI Canada shall hold, restrict, qualify, correct, rerun, supersede, withdraw, or refuse the affected input as appropriate.

8.31.5(h) The controlling rule shall be that interface inputs cannot be responsibly routed to GRF, GRA, or Protocol Authority unless the models, datasets, systems, and benchmarks shaping them are records-valid and boundary-valid.

***

8.31.6 Boundary Language for Recognition, Finance-Readiness, Protocol Effect, Certification, Public Authority Meaning, and Execution Consequence.\
8.31.6(a) GCRI Canada shall include boundary language in GRF-facing, GRA-facing, and Protocol Authority-facing Truth Engine inputs, Verifiable Compute records, Verifiable Intelligence outputs, Evidence Packs, Decision Packs, public-safe summaries, controlled annexes, dashboards, maps, APIs, datasets, technical notes, model records, dataset records, system records, benchmark records, Proof Receipt Records, public-good software records, and public claims where necessary to prevent unauthorized reliance.

8.31.6(b) Boundary language for GRF-facing inputs shall state or preserve, where material, that the input is evidence-supporting, claims-discipline-supporting, maturity-context-supporting, Docket-supporting, Grid-supporting, public-safe-reporting-supporting, or correction-supporting and does not constitute GRF recognition, standing, maturity record, claims approval, registry status, stakeholder formation, public-facing legitimacy, public-safe reporting status, or public claim approval by GCRI Canada.

8.31.6(c) Boundary language for GRA-facing inputs shall state or preserve, where material, that the input is evidence-supporting, risk-supporting, resilience-supporting, Proof Pack-supporting, insurance-readiness-input-supporting, capital-reader-literacy-supporting, RNFD-supporting, NFD-supporting, UNFSD-supporting, Rails-handoff-supporting, or correction-supporting and does not constitute finance-readiness, capital-readiness, insurance-readiness, investment advice, rating, guarantee, lending decision, underwriting decision, public finance approval, bankability, fundability, capital commitment, or financial suitability by GCRI Canada.

8.31.6(d) Boundary language for Protocol Authority-facing inputs shall state or preserve, where material, that the input is evidence-supporting, method-supporting, ontology-supporting, controlled-vocabulary-supporting, schema-supporting, API-supporting, software-supporting, benchmark-supporting, technical-baseline-supporting, conformance-supporting, proof-receipt-supporting, or correction-supporting and does not constitute protocol effect, certification, conformance determination, Nexus-compatible status, role key, smart license, entitlement state, standards approval, proof-receipt legal effect, external force, operational clearance, or execution authority by GCRI Canada.

8.31.6(e) Boundary language shall also state or preserve, where material, that inputs do not constitute public authority decisions, public warnings, emergency commands, regulatory approvals, procurement approvals, funding approvals, public finance approvals, provider endorsements, sponsor approvals, host approvals, legal status, professional advice, infrastructure operation, market authority, or execution consequence.

8.31.6(f) Boundary language shall be specific, visible, controlled-vocabulary-consistent, audience-appropriate, and linked to correction paths. It shall not be buried in generic boilerplate where foreseeable misuse requires more direct language.

8.31.6(g) Boundary language shall not be used to cure an input that is substantively unsafe, unsupported, misclassified, privacy-defective, cyber-defective, sovereign-data-defective, protected-knowledge-defective, public-safe defective, finance-boundary defective, recognition-boundary defective, protocol-boundary defective, provider-preferential, sponsor-controlled, or otherwise unfit for interface use.

8.31.6(h) The controlling rule shall be that every GRF, GRA, and Protocol Authority interface must make explicit what GCRI Canada evidence supports and what authority it does not exercise.

***

8.31.7 Shared Records Without Shared Liability.\
8.31.7(a) GCRI Canada may share records, receive records, reference records, link records, or maintain interoperable records with GRF, GRA, Nexus Standards / Protocol Authority, Nexus entities, public authorities, providers, sponsors, hosts, universities, National Companies, Project SPVs, communities, and other authorized actors, provided that shared records do not create shared liability, legal merger, agency, partnership, joint venture, fiduciary status, public authority delegation, finance delegation, recognition delegation, protocol delegation, procurement delegation, certification delegation, provider endorsement, sponsor control, or execution responsibility by default.

8.31.7(b) Shared records may include evidence records, source records, method records, dataset records, model records, compute records, inference records, human review records, public-safe review records, Proof Receipt Records, observability records, interface records, correction records, dependency records, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, and public claims records.

8.31.7(c) Each institution or actor shall remain responsible for its own authority, procedures, records, decisions, statements, outputs, publications, corrections, liabilities, and downstream uses unless an express written agreement states otherwise and such agreement is lawful, authorized, and consistent with GCRI Canada’s mandate.

8.31.7(d) GCRI Canada’s provision of evidence records, compute records, model records, dataset records, method records, benchmark records, Proof Receipts, public-safe summaries, controlled annexes, or correction signals shall not make GCRI Canada responsible for GRF recognition decisions, GRA finance-readiness processes, Protocol Authority protocol effects, public authority decisions, provider actions, sponsor claims, host operations, National Company execution, Project SPV execution, capital-reader decisions, procurement decisions, or third-party public claims.

8.31.7(e) Shared records shall preserve legal separateness, role separation, access class, handling class, public-safe status, data rights, confidentiality, public authority restrictions, finance boundaries, recognition boundaries, protocol boundaries, protected knowledge safeguards, provider-neutrality obligations, sponsor non-control obligations, correction paths, and auditability.

8.31.7(f) Where shared records are reused, excerpted, translated, embedded, retrieved, summarized, cited, published, or routed by another actor, such actor shall be responsible for ensuring that its use remains within its own authority and the record’s permitted-use limits.

8.31.7(g) Where shared-record misuse creates overclaim, unsafe disclosure, boundary breach, public authority confusion, finance confusion, recognition confusion, protocol confusion, provider preference, sponsor validation, or execution implication, GCRI Canada shall seek correction, clarification, restriction, withdrawal, retraction, interface suspension, or other remedy proportionate to risk.

8.31.7(h) The controlling rule shall be that record interoperability supports institutional coordination, but it does not merge institutions, transfer authority, or dissolve accountability boundaries.

***

8.31.8 Correction Signals, Downstream Dependency Notices, and Re-Issue.\
8.31.8(a) GCRI Canada shall maintain correction signals, downstream dependency notices, and re-issue pathways for Truth Engine inputs, Verifiable Compute records, Verifiable Intelligence outputs, model records, dataset records, system records, benchmark records, Proof Receipt Records, public-safe summaries, controlled annexes, Evidence Packs, Decision Packs, dashboards, maps, APIs, technical notes, and other materials shared with or prepared for GRF, GRA, or Protocol Authority.

8.31.8(b) Correction signals shall be issued or routed where shared or interface inputs become inaccurate, incomplete, misleading, stale, misclassified, overclaimed, source-defective, data-defective, method-defective, model-defective, compute-defective, inference-defective, confidence-defective, uncertainty-defective, limitation-defective, public-safe defective, finance-boundary defective, recognition-boundary defective, protocol-boundary defective, provider-neutrality defective, sponsor-control defective, protected-knowledge defective, privacy-defective, cyber-defective, sovereign-data-defective, or no longer fit for purpose.

8.31.8(c) Downstream dependency notices shall identify affected records, affected interface, affected output, prior version, corrected or superseding version where any, correction basis, effective date, scope of change, continuing limitations, revised confidence, revised uncertainty, revised classification, revised public-safe status, revised boundary language, permitted use, prohibited use, affected dependencies, and notice limitations where material.

8.31.8(d) Re-issue may be internal, controlled, public-safe, GRF-facing, GRA-facing, Protocol Authority-facing, public authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, or public, depending on the original output class, affected audience, risk, legal restrictions, public-safe status, and correction need.

8.31.8(e) Where a correction affects GRF-facing inputs, GCRI Canada shall identify whether the correction may affect claims discipline, Docket support, Grid support, maturity-context support, public-safe reporting support, recognition-supporting analysis, stakeholder formation support, registry support, or public-facing legitimacy support.

8.31.8(f) Where a correction affects GRA-facing inputs, GCRI Canada shall identify whether the correction may affect risk evidence, resilience evidence, host readiness evidence, node evidence, Proof Pack support, insurance-readiness input support, capital-reader literacy, RNFD input, NFD input, UNFSD input, finance-safe summaries, or Rails handoffs.

8.31.8(g) Where a correction affects Protocol Authority-facing inputs, GCRI Canada shall identify whether the correction may affect method support, ontology support, controlled vocabulary, schema support, API support, software support, benchmark support, technical baseline support, conformance-supporting analysis, proof-receipt support, or correction support.

8.31.8(h) Correction signals and downstream dependency notices shall not themselves create recognition, finance-readiness, protocol effect, certification, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, operational clearance, legal status, market authority, infrastructure operation, or execution consequence.

8.31.8(i) The controlling rule shall be that interface evidence must remain correctable across institutional boundaries because downstream actors can rely on evidence long after the first record has changed.

***

8.31.9 Interface Agreement Requirements.\
8.31.9(a) GCRI Canada shall require appropriate interface agreements, interface records, memoranda, terms of reference, data-sharing records, records-use terms, controlled-room rules, public-safe publication rules, or equivalent written instruments for material interfaces with GRF, GRA, Nexus Standards / Protocol Authority, and other actors where records, evidence, data, models, compute outputs, Proof Receipts, public-safe outputs, controlled annexes, or correction signals are shared or relied upon.

8.31.9(b) Interface agreements shall identify parties, institutional roles, legal separateness, purpose, scope, permitted records, prohibited records, permitted uses, prohibited uses, data classes, evidence classes, output classes, access classes, handling classes, public-safe status, confidentiality, privacy, cybersecurity, sovereign data, public authority restrictions, protected knowledge safeguards, finance boundaries, recognition boundaries, protocol boundaries, provider-neutrality obligations, sponsor non-control obligations, publication rules, citation rules, reuse rules, retention rules, deletion rules, sealing rules, archive rules, correction paths, notice paths, dispute paths, and termination paths.

8.31.9(c) Interface agreements with GRF shall preserve that GRF alone acts, where authorized, through its own rules on recognition, standing, maturity records, claims approval, stakeholder formation, registry status, public-facing legitimacy, and public-safe reporting, and that GCRI Canada supplies evidence and methods support only.

8.31.9(d) Interface agreements with GRA shall preserve that GRA or other competent finance-facing actors act, where authorized, through their own rules on finance-readiness, capital-readiness, insurance-readiness, Proof Packs, capital-reader literacy, routeability, RNFD, NFD, UNFSD, public finance interfaces, and finance-boundary discipline, and that GCRI Canada supplies evidence and methods support only.

8.31.9(e) Interface agreements with Protocol Authority shall preserve that Protocol Authority alone acts, where authorized, through its own rules on standards, protocol effect, conformance, role keys, smart licenses, entitlement states, proof-receipt architecture, schemas, APIs, technical baselines, and protocol correction, and that GCRI Canada supplies evidence, methods, ontology, software, and technical support only.

8.31.9(f) Interface agreements shall prohibit misuse of GCRI Canada inputs as certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence unless a separate competent actor has lawfully created such status through its own record.

8.31.9(g) Interface agreements shall include correction obligations requiring affected actors to receive, review, and where appropriate act upon correction signals, supersession notices, withdrawal notices, retraction notices, public-safe notices, controlled notices, and dependency updates.

8.31.9(h) Where no adequate interface agreement or equivalent record exists, GCRI Canada shall limit the interface to low-risk, public-safe, non-sensitive, non-material, or internal preparatory use unless competent governance records a lawful, safe, bounded, and correctionable basis for proceeding.

8.31.9(i) The controlling rule shall be that interface agreements are required because shared evidence moves across institutions only safely when roles, uses, limits, corrections, and accountability are written down.

***

8.31.10 No Substitution of GRF, GRA, or Protocol Authority Roles.\
8.31.10(a) GCRI Canada shall not substitute itself for GRF, GRA, or Nexus Standards / Protocol Authority through Truth Engine inputs, Verifiable Compute records, Verifiable Intelligence outputs, Proof Receipts, model records, dataset records, system records, benchmark records, public-safe summaries, controlled annexes, dashboards, maps, APIs, technical baselines, public-good software, Academy materials, correction signals, interface records, or public claims.

8.31.10(b) GCRI Canada shall not perform GRF’s role of recognition, standing, maturity records, claims approval, registry status, stakeholder formation, public-facing legitimacy, or public-safe reporting status by issuing evidence, public-safe summaries, Docket inputs, Grid inputs, maturity-context inputs, correction signals, or Proof Receipts.

8.31.10(c) GCRI Canada shall not perform GRA’s role of finance-readiness discipline, capital-readiness discipline, insurance-readiness discipline, Proof Pack status, finance-facing routeability, capital-reader literacy governance, RNFD, NFD, UNFSD, public finance interface discipline, or finance-boundary institutional action by issuing evidence, risk records, resilience records, host readiness evidence, node evidence, correction signals, or Proof Receipts.

8.31.10(d) GCRI Canada shall not perform Protocol Authority’s role of standards adoption, protocol effect, conformance determination, certification, role keys, smart licenses, entitlement states, proof-receipt legal effect, schemas with protocol force, API status with protocol force, technical baseline adoption with protocol force, or protocol correction by issuing methods, technical baselines, software, evidence inputs, benchmark inputs, correction signals, or Proof Receipts.

8.31.10(e) GCRI Canada may support each of GRF, GRA, and Protocol Authority through evidence, methods, ontology, observability, Verifiable Compute, Verifiable Intelligence, public-good software, open technical baselines, public-safe summaries, controlled annexes, training, correction, and interface discipline, but only as support within role separation.

8.31.10(f) Where any GCRI Canada output is used or described in a manner that substitutes for GRF, GRA, or Protocol Authority roles, GCRI Canada shall correct, clarify, restrict, relabel, withdraw, reissue, notify affected interfaces, seek removal of misleading references, suspend the interface where required, or pursue contractual or legal remedies where appropriate.

8.31.10(g) No ambiguity shall be resolved in favour of role substitution. Where there is doubt whether a GCRI Canada output is evidence support or institutional substitution, the interpretation preserving GCRI Canada’s non-execution role, GRF’s recognition role, GRA’s finance-readiness role, Protocol Authority’s protocol role, public authority boundaries, provider neutrality, sponsor non-control, validity-by-record, correctionability, and public trust shall prevail.

8.31.10(h) The controlling rule shall be that GCRI Canada may strengthen GRF, GRA, and Protocol Authority by supplying better evidence, but it must never become them by implication.

### 8.32 Interfaces With Public Authorities, National Companies, Project SPVs, Providers, and Hosts

8.32.1 Public Authority Learning Interfaces.\
8.32.1(a) GCRI Canada may maintain public authority learning interfaces for the limited purpose of supporting public-benefit learning, technical literacy, evidence literacy, systems-risk understanding, resilience learning, AI literacy, cyber literacy, observability literacy, public-safe interpretation, scenario learning, method awareness, and correction discipline for public authorities, without public authority delegation, public authority decision-making, public warning issuance, regulatory approval, procurement approval, funding approval, public finance approval, emergency command, or public-law effect by GCRI Canada.

8.32.1(b) Public authority learning interfaces may include workshops, controlled rooms, public authority rooms, secure briefings, public-safe summaries, controlled annexes, Evidence Packs, Decision Packs, dashboards, maps, APIs, technical notes, training materials, Academy materials, Verifiable Intelligence outputs, Nexus Truth Engine outputs, Nexus Observatory outputs, Verifiable Compute records, model records, dataset records, benchmark records, Proof Receipt Records, correction signals, and public-safe assurance summaries.

8.32.1(c) Public authority learning interfaces shall identify the public authority, participating office or function where appropriate, participant capacity, official or non-official status, data-sharing authority, permitted use, prohibited use, confidentiality, publication limits, public-safe status, public authority reference limits, access class, handling class, retention treatment, correction path, and boundary language.

8.32.1(d) Public authority learning interfaces shall not be structured to pressure, steer, pre-decide, simulate, replace, or publicly imply the outcome of any public authority decision, regulatory process, procurement process, funding process, public finance process, public warning process, emergency-management process, public health process, public safety process, enforcement process, permitting process, licensing process, or compliance process.

8.32.1(e) GCRI Canada may receive public authority context, questions, learning needs, non-confidential observations, public records, restricted materials where lawfully provided, or public-safe feedback, provided that receipt of such materials does not convert GCRI Canada into a public authority, regulator, procurement actor, funding actor, public finance actor, emergency actor, public warning issuer, enforcement actor, or official decision-maker.

8.32.1(f) Any public authority use of GCRI Canada outputs shall remain the public authority’s own use within its own lawful authority, procedures, duties, records, accountability, and liability. GCRI Canada shall not assume responsibility for public authority decisions merely because a public authority considered, requested, attended, received, commented on, cited, or learned from a GCRI Canada output.

8.32.1(g) Where public authority learning materials are corrected, restricted, superseded, withdrawn, retracted, reclassified, or materially limited, GCRI Canada shall notify or signal affected public authority interfaces where appropriate and review downstream dependencies.

8.32.1(h) The controlling rule shall be that GCRI Canada may support public authority learning, but public authority remains with public authorities.

***

8.32.2 National Company Technical Evidence Interfaces.\
8.32.2(a) GCRI Canada may maintain technical evidence interfaces with National Companies for the limited purpose of providing evidence support, method support, technical baseline support, public-good software support, observability support, Verifiable Compute records, Verifiable Intelligence outputs, Nexus Truth Engine inputs, Nexus Observatory inputs, public-safe outputs, controlled annexes, correction signals, and learning materials within recorded role separation.

8.32.2(b) National Company technical evidence interfaces shall identify the National Company, jurisdiction, interface purpose, relevant program or project context, data classes, evidence classes, output classes, access class, handling class, public-safe status, finance-safe status where material, procurement-safe status where material, provider-neutrality status, sponsor non-control status, permitted use, prohibited use, review status, correction path, and closeout path.

8.32.2(c) GCRI Canada outputs provided through National Company interfaces shall remain evidence-supporting, method-supporting, technical-supporting, learning-supporting, public-safe where released, and correctionable. Such outputs shall not constitute investment advice, finance-readiness, procurement approval, provider selection, vendor award, project approval, operational instruction, construction instruction, deployment instruction, contract approval, public authority decision, certification, recognition, protocol effect, guarantee, rating, or execution authority.

8.32.2(d) National Companies shall remain responsible for their own corporate governance, legal obligations, procurement processes, contracting, financing, employment, operations, delivery, implementation, vendor management, public authority relationships, sponsor relationships, Project SPV relationships, host relationships, and execution records.

8.32.2(e) GCRI Canada shall not use a National Company interface to direct National Company operations, approve National Company contracts, select National Company providers, approve National Company financing, commit National Company resources, control National Company execution, or create enterprise-stack consequences by implication.

8.32.2(f) Where National Company materials are used to inform GCRI Canada evidence, GCRI Canada shall classify such materials for source authority, custody, public-safe status, commercial sensitivity, finance sensitivity, provider relevance, sponsor relevance, host relevance, confidentiality, public authority relevance where any, and correctionability.

8.32.2(g) Where National Company technical evidence interfaces create risk of role confusion, finance overclaim, procurement implication, provider preference, sponsor control, public authority implication, or execution drift, GCRI Canada shall revise boundary language, restrict the interface, reclassify materials, require controlled-room treatment, suspend routing, or refuse the interface as appropriate.

8.32.2(h) The controlling rule shall be that GCRI Canada may support National Companies with evidence and methods, but shall not become the National Company, manage the National Company, or execute through the National Company.

***

8.32.3 Project SPV Evidence Input Interfaces.\
8.32.3(a) GCRI Canada may maintain evidence input interfaces with Project SPVs for the limited purpose of supporting evidence integrity, public-safe learning, technical methods, observability context, Verifiable Compute records, Verifiable Intelligence records, dataset governance, model governance, public-good software support, technical baseline context, correction signals, and public-benefit knowledge transfer, without controlling Project SPV execution.

8.32.3(b) Project SPV evidence input interfaces shall identify the Project SPV, project context, jurisdiction, host context, National Company relationship where any, provider context, sponsor context, public authority context, finance-facing context where any, data classes, evidence classes, output classes, public-safe status, finance-safe status, procurement-safe status, access class, handling class, permitted use, prohibited use, boundary language, correction path, and closeout path.

8.32.3(c) GCRI Canada outputs provided to or received from a Project SPV shall not constitute investment advice, lending support, underwriting support, insurance approval, public finance approval, rating, guarantee, finance-readiness, procurement approval, vendor award, project approval, certification, recognition, Protocol Authority effect, public authority decision, operational clearance, construction authorization, deployment command, infrastructure operation, market authority, or execution consequence.

8.32.3(d) Project SPVs shall remain responsible for their own project governance, financing, contracting, permitting, procurement, risk allocation, delivery, operations, compliance, insurance, engineering, technical implementation, vendor management, host relationships, public authority relationships, sponsor relationships, and execution records.

8.32.3(e) Evidence input from a Project SPV shall be classified for source authority, commercial sensitivity, finance sensitivity, procurement sensitivity, provider sensitivity, sponsor sensitivity, host sensitivity, public authority restrictions, privacy, cybersecurity, sovereign data, protected knowledge, public-safe status, and correctionability before material use by GCRI Canada.

8.32.3(f) GCRI Canada shall not permit Project SPV-facing materials to be used as bankability determinations, fundability determinations, insurance-readiness determinations, procurement preferences, provider endorsements, sponsor validations, public authority approvals, public-safe legitimacy claims, or execution-ready claims by implication.

8.32.3(g) Where Project SPV evidence input interfaces create overclaim, market reliance, public authority confusion, finance implication, procurement implication, provider preference, sponsor control, host approval implication, or execution drift, GCRI Canada shall require correction, relabeling, controlled notice, public-safe clarification, restriction, withdrawal, interface suspension, or other remedy proportionate to risk.

8.32.3(h) The controlling rule shall be that Project SPV interfaces may inform evidence, but evidence input is not project execution.

***

8.32.4 Provider Data, Tooling, Equipment, AI, Compute, Dashboard, Sensor, and Integration Interfaces.\
8.32.4(a) GCRI Canada may maintain interfaces with providers for provider data, tooling, equipment, AI systems, compute environments, dashboards, maps, sensors, reference sensors, AI-RAN systems, O-RAN systems, private wireless systems, DePIN systems, cyber tools, geospatial tools, digital twin tools, APIs, repositories, public-good software components, technical baseline components, integration support, validation-sprint support, benchmark support, public-safe demonstrations, and correction support.

8.32.4(b) Provider interfaces shall identify provider identity, provider role, provider materials, provider systems, provider data, provider tools, provider equipment, provider staff or representatives where material, permitted use, prohibited use, data classes, evidence classes, output classes, access class, handling class, public-safe status, commercial sensitivity, IP sensitivity, cybersecurity sensitivity, export-control sensitivity, sanctions sensitivity, provider influence controls, benchmark conditions, validation conditions, publication limits, and correction path.

8.32.4(c) Provider-supplied data, tooling, equipment, AI, compute, dashboards, sensors, or integration support shall not be treated as neutral, valid, complete, independent, public-safe, benchmark-ready, procurement-ready, finance-ready, certified, recognized, protocol-effective, or execution-ready merely because supplied by a reputable provider, widely adopted provider, technically advanced provider, sponsor-supported provider, public authority-used provider, or Nexus-participating provider.

8.32.4(d) Provider interfaces shall preserve provider neutrality. GCRI Canada shall not use provider interfaces to endorse providers, rank providers for procurement, award vendor status, create public tender advantage, imply preferred-provider status, validate provider marketing claims, certify provider technology, create Nexus-compatible status, or create Protocol Authority effect by default.

8.32.4(e) Provider benchmarks, validation sprints, demonstrations, pilots, integrations, dashboards, maps, AI outputs, sensor outputs, compute outputs, or technical notes shall identify provider role, provider-supplied configuration, provider-supplied data, provider-supplied environment, provider limitations, conflicts, influence controls, confidence, uncertainty, limitations, permitted claims, prohibited claims, and correction path.

8.32.4(f) Provider access to GCRI Canada systems, records, controlled rooms, data rooms, clean rooms, compute environments, retrieval sources, embedding stores, dashboards, maps, APIs, repositories, or public-good software shall be role-based, purpose-bound, least-privilege, logged, time-bound where appropriate, revocable, and subject to confidentiality, cybersecurity, privacy, sovereign data, protected knowledge, public-safe, and boundary controls.

8.32.4(g) Where provider interface use creates provider preference, public authority implication, finance implication, procurement implication, sponsor validation, data leakage, IP dispute, cyber risk, benchmark overclaim, public-safe defect, or correction failure, GCRI Canada shall restrict access, hold outputs, correct records, revise public-safe materials, suspend the interface, or require remedial action.

8.32.4(h) The controlling rule shall be that providers may supply tools and data to evidence work, but provider participation shall not become endorsement, procurement preference, certification, finance-readiness, protocol effect, or execution authority.

***

8.32.5 Host Data, Context, Infrastructure, Facility, Sensor, Compute, and Participation Interfaces.\
8.32.5(a) GCRI Canada may maintain interfaces with hosts for host data, local context, infrastructure context, facility context, sensor context, compute context, operational context in public-safe or controlled form, community context, public authority context, environmental context, resilience context, participation records, evidence review, public-safe learning, and correction.

8.32.5(b) Host interfaces shall identify host identity, host role, facility or site context where safe and material, infrastructure context, community context, jurisdiction, public authority relevance, provider relevance, sponsor relevance, Project SPV relevance, National Company relevance, data classes, evidence classes, access class, handling class, public-safe status, protected knowledge status, privacy status, cybersecurity status, sovereign data status, permitted use, prohibited use, publication limits, safe-location treatment, and correction path.

8.32.5(c) Host-provided data or context may include field observations, facility records, infrastructure observations, sensor records, community observations, environmental observations, local risk context, resilience context, participation information, operational constraints, and public-safe host learning needs, provided that such materials are classified, permissioned, safeguarded, and records-valid before material use.

8.32.5(d) GCRI Canada shall not use host interfaces to operate host infrastructure, direct host personnel, control facilities, issue public warnings, command emergency response, approve host procurement, approve host financing, certify host readiness, recognize host status, endorse host claims, approve Project SPV execution, or create public authority decisions.

8.32.5(e) Host data and context shall be reviewed for privacy, worker safety, resident safety, community harm, sensitive-site exposure, infrastructure-sensitive information, cyber-sensitive information, public authority restrictions, protected knowledge, confidential source protection, finance-sensitive information, commercial sensitivity, safe-location treatment, and public-safe publication risk.

8.32.5(f) Host participation, facility access, data contribution, infrastructure context, public authority context, sponsor support, provider involvement, or dashboard visibility shall not imply host approval, host endorsement, host certification, host recognition, finance-readiness, procurement approval, public authority approval, provider preference, sponsor validation, operational clearance, or execution consequence.

8.32.5(g) Where host-facing materials are corrected, restricted, superseded, withdrawn, retracted, or materially reclassified, GCRI Canada shall notify or signal affected host interfaces where appropriate and review downstream dependencies.

8.32.5(h) The controlling rule shall be that host interfaces may support grounded evidence and public-safe learning, but they shall not turn GCRI Canada into a host operator or execution authority.

***

8.32.6 Public Authority Capacity Classification, Data Controls, and Reference Controls.\
8.32.6(a) GCRI Canada shall apply public authority capacity classification, data controls, and reference controls to all interfaces involving public authorities, National Companies, Project SPVs, providers, hosts, sponsors, universities, communities, or other actors where public authority materials, public authority participation, public authority references, public authority data, public finance references, procurement references, regulator-listening context, emergency-management context, or public-sector systems are present.

8.32.6(b) Public authority capacity classification shall identify whether a public authority actor participates as observer, learner, contributor, data provider, reviewer, convenor, regulator, procurement actor, public finance actor, emergency-management actor, public health actor, infrastructure actor, sponsor, host, funder, or other capacity, and whether participation is official, non-official, exploratory, educational, technical, public-safe, controlled, or otherwise limited.

8.32.6(c) Public authority data controls shall identify source, lawful basis or authority where applicable, data-sharing terms, confidentiality, official or non-official status, classification, access limits, processing limits, retention limits, deletion or return obligations, transfer limits, public-safe status, publication limits, agency reference controls, correction path, and notice obligations.

8.32.6(d) Public authority reference controls shall govern the use of agency names, logos, seals, titles, photographs, quotations, meeting attendance, room participation, data contributions, regulator-listening references, emergency-management references, public finance references, procurement references, funding references, jurisdictional references, and public-sector summaries.

8.32.6(e) Public authority references shall not imply endorsement, adoption, approval, delegation, procurement relevance, funding relevance, public finance approval, official guidance, regulatory position, public warning, emergency command, safe harbor, compliance determination, enforcement position, permit, license, sovereign obligation, or public-law status unless a competent public authority has separately created such status through its own lawful record.

8.32.6(f) Where public authority reference risk exists, GCRI Canada shall require revised wording, removal of references, non-endorsement language, non-delegation language, non-warning language, non-procurement language, non-funding language, non-public-finance language, controlled-room treatment, public-safe review, or public authority confirmation where appropriate and lawful.

8.32.6(g) Public authority capacity classification, data controls, and reference controls shall be linked, where applicable, to interface records, public-safe review records, Evidence Packs, Decision Packs, dashboards, maps, APIs, datasets, technical notes, correction records, and dependency records.

8.32.6(h) The controlling rule shall be that public authority participation must be classified and controlled because public authority references can create authority by implication even when no authority was granted.

***

8.32.7 Finance-Safe, Procurement-Safe, Provider-Neutral, and Public-Safe Boundary Language.\
8.32.7(a) GCRI Canada shall include finance-safe, procurement-safe, provider-neutral, sponsor-non-control, host-boundary, public authority-boundary, public-safe, and non-execution boundary language in materials prepared for or involving public authorities, National Companies, Project SPVs, providers, hosts, sponsors, capital readers, procurement-adjacent audiences, finance-facing audiences, public-safe audiences, and other downstream actors where foreseeable misuse requires such language.

8.32.7(b) Finance-safe boundary language shall state or preserve, where material, that the output is evidence-supporting, learning-supporting, risk-context-supporting, resilience-context-supporting, or technical in nature and does not constitute finance-readiness, capital-readiness, insurance-readiness, investment advice, securities recommendation, brokerage, placement, finder activity, lending decision, underwriting decision, insurance approval, rating, guarantee, public finance approval, bankability, fundability, capital commitment, credit quality, insurance quality, investment quality, or financial suitability.

8.32.7(c) Procurement-safe boundary language shall state or preserve, where material, that the output does not constitute procurement approval, vendor award, tender evaluation, purchasing recommendation, provider selection, public tender advantage, provider preference, provider ranking, preferred supplier status, or procurement qualification.

8.32.7(d) Provider-neutral boundary language shall state or preserve, where material, that provider participation, provider data, provider equipment, provider tooling, provider AI, provider compute, provider dashboards, provider sensors, provider demonstrations, validation sprints, benchmarks, technical notes, or public-safe summaries do not constitute endorsement, certification, recognition, Nexus-compatible status, Protocol Authority effect, procurement preference, or market superiority.

8.32.7(e) Sponsor-non-control boundary language shall state or preserve, where material, that sponsor support, funding, participation, convening support, facilities support, technology access, data access, or event support does not purchase outcomes, control evidence, control publication, control public authority access, control provider selection, control recognition, control finance-readiness, control protocol effect, or control execution.

8.32.7(f) Public-safe and non-execution boundary language shall state or preserve, where material, that GCRI Canada outputs are evidence-supporting, method-supporting, observability-supporting, learning-supporting, public-safe, and correctionable, and are not public warnings, emergency commands, public authority decisions, certifications, recognitions, protocol effects, procurement approvals, provider endorsements, sponsor approvals, finance approvals, operational clearances, infrastructure commands, legal status, market authority, or execution instructions.

8.32.7(g) Boundary language shall be visible, audience-appropriate, controlled-vocabulary-consistent, linked to correction paths, and included in cover pages, room rules, dashboard legends, map captions, API documentation, dataset notes, technical notes, public-safe summaries, Evidence Packs, Decision Packs, repository descriptions, release notes, presentations, event materials, and correction notices where appropriate.

8.32.7(h) The controlling rule shall be that interfaces with downstream actors require boundary language because evidence becomes risky when audiences can mistake it for finance, procurement, provider preference, public authority approval, or execution.

***

8.32.8 Access Controls, Controlled Rooms, Data Rooms, Clean Rooms, and No-Download Rooms.\
8.32.8(a) GCRI Canada shall maintain access controls, controlled rooms, data rooms, clean rooms, no-download rooms, secure collaboration rooms, public authority rooms, finance-safe rooms, provider rooms, sponsor-controlled-access rooms where appropriate, host rooms, community rooms, safeguards rooms, cyber rooms, protected knowledge rooms, and other controlled environments for material interfaces where ordinary sharing would create unacceptable risk.

8.32.8(b) Access controls shall identify authorized users, roles, organizations, capacities, access authority, access purpose, access duration, access class, handling class, permitted use, prohibited use, confidentiality obligations, conflict status where material, training status, review status, logging requirements, monitoring requirements, export restrictions, download restrictions, and revocation path.

8.32.8(c) Controlled rooms shall be used where sensitive evidence, public authority materials, finance-sensitive materials, provider materials, sponsor materials, host materials, community materials, protected knowledge, cyber-sensitive materials, infrastructure-sensitive materials, or high-consequence disputes require access-limited review with recorded room rules.

8.32.8(d) Data rooms shall be used where datasets, Evidence Packs, Decision Packs, technical annexes, public authority materials, finance-sensitive materials, provider materials, sponsor materials, host materials, Project SPV materials, National Company materials, or interface materials require structured access, logs, permissions, no-advice language where applicable, no-endorsement language where applicable, no-procurement language where applicable, public-safe controls, and correction paths.

8.32.8(e) Clean rooms and compute-to-data rooms shall be used where multiple actors need to compare, validate, or learn from restricted data without moving or exposing underlying sensitive data beyond approved controls.

8.32.8(f) No-download rooms shall be used where materials shall not be downloaded, copied, screenshotted, screen-recorded, printed, locally synced, embedded, trained on, retrieved into unauthorized systems, exported through APIs, or redistributed.

8.32.8(g) Access to controlled environments shall not create governance rights, data ownership, publication rights, public authority status, provider preference, sponsor control, procurement advantage, finance access, recognition, certification, protocol effect, or execution authority beyond the record.

8.32.8(h) Where access controls or room rules are breached, GCRI Canada shall restrict access, preserve logs where safe, assess exposure, conduct privacy, cybersecurity, sovereign data, public authority, safeguards, legal, finance-boundary, provider-neutrality, and sponsor non-control review where applicable, correct records, notify affected interfaces where required, and update controls.

8.32.8(i) The controlling rule shall be that interface access must be controlled because the act of viewing, downloading, copying, retrieving, or summarizing evidence can create risk even before publication.

***

8.32.9 Interface Records, Incident Records, Correction Records, and Closeout Records.\
8.32.9(a) GCRI Canada shall maintain, or cause to be maintained, interface records, incident records, correction records, dependency records, notice records, restriction records, closeout records, and archive records for material interfaces with public authorities, National Companies, Project SPVs, providers, hosts, sponsors, capital readers, universities, communities, and other downstream actors.

8.32.9(b) Interface records shall identify interface title or identifier, parties or actors, institutional capacities, purpose, scope, records shared, records received, data classes, evidence classes, output classes, access class, handling class, public-safe status, finance-safe status, procurement-safe status, provider-neutrality status, sponsor non-control status, public authority status, protected knowledge status, permitted uses, prohibited uses, room rules where any, publication rules, citation rules, retention rules, deletion rules, correction path, notice path, dispute path, termination path, and closeout path.

8.32.9(c) Incident records shall identify unauthorized access, unauthorized disclosure, data leakage, public authority overclaim, finance overclaim, procurement overclaim, provider preference, sponsor validation, host approval implication, public-safe defect, protected knowledge exposure, cyber event, privacy event, sovereign data issue, benchmark misuse, dashboard misuse, map misuse, API misuse, room rule breach, reference-control breach, or execution implication arising from an interface.

8.32.9(d) Correction records shall identify corrected interface material, prior status, corrected status, correction basis, reviewer, approving actor where applicable, effective date, affected parties, affected outputs, affected dependencies, notice decision, public-safe status, boundary-language changes, access changes, and archive treatment.

8.32.9(e) Closeout records shall identify completion, termination, suspension, expiration, data return, data deletion, data sealing, access revocation, credential revocation, room closure, outstanding corrections, outstanding notices, retained records, archive status, public-safe obligations, confidentiality obligations, protected knowledge obligations, public authority obligations, and continuing prohibited uses.

8.32.9(f) Interface records shall be linked, where applicable, to Evidence Register entries, Source Comparison Records, Dataset Register entries, Model Register entries, System Card entries, Benchmark Card entries, Evaluation Harness Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Compute Workload Records, Compute Environment Records, Method Register entries, Observability Register entries, Ontology and Controlled Vocabulary Register entries, Output Class Register entries, Proof Receipt Records, AI Incident Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, National Company records, Project SPV records, Nexus interface records, and public claims records.

8.32.9(g) Interface, incident, correction, and closeout records shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.32.9(h) The controlling rule shall be that every material interface must leave a record sufficient to explain who participated, what was shared, what was allowed, what was prohibited, what went wrong, what was corrected, and what obligations survive closeout.

***

8.32.10 No Public Authority, Finance, Procurement, Certification, Provider Preference, or Execution Consequence by Interface Alone.\
8.32.10(a) No interface with a public authority, National Company, Project SPV, provider, host, sponsor, capital reader, university, community, GRF, GRA, Protocol Authority, Nexus entity, or other downstream actor shall create public authority decision, official guidance, regulatory approval, procurement approval, funding approval, public finance approval, finance-readiness, investment advice, insurance approval, lending decision, underwriting decision, rating, guarantee, certification, recognition, maturity status, protocol effect, Nexus-compatible status, provider preference, sponsor approval, host approval, operational clearance, legal status, market authority, infrastructure operation, public warning, emergency command, or execution consequence by interface alone.

8.32.10(b) Attendance at an interface, participation in a room, data contribution, receipt of materials, review of materials, comments on materials, technical feedback, public authority presence, provider presence, sponsor presence, capital-reader presence, host participation, dashboard access, map access, API access, Proof Receipt access, Evidence Pack access, Decision Pack access, or public-safe summary access shall not create authority, approval, endorsement, finance consequence, procurement consequence, certification, recognition, protocol effect, or execution consequence by implication.

8.32.10(c) Any public authority decision, finance decision, procurement decision, certification, recognition, protocol effect, provider selection, sponsor decision, host decision, National Company action, Project SPV action, or execution consequence shall arise only through the competent actor’s own lawful process and record, not through GCRI Canada’s interface, evidence, methods, outputs, dashboards, maps, records, or public-safe materials by default.

8.32.10(d) GCRI Canada shall not permit interface outputs to be marketed, labelled, summarized, cited, displayed, translated, excerpted, included in public claims, or used in third-party materials as though the interface itself created approval, status, readiness, legitimacy, endorsement, finance consequence, procurement consequence, authority, or execution.

8.32.10(e) Where interface materials are misused to imply public authority approval, finance-readiness, procurement approval, certification, recognition, protocol effect, provider preference, sponsor approval, host approval, operational clearance, legal status, public warning, emergency command, or execution consequence, GCRI Canada shall require correction, relabeling, removal of misleading references, public-safe clarification, controlled notice, withdrawal, retraction, interface suspension, contract remedy, or legal action where appropriate.

8.32.10(f) No ambiguity shall be resolved in favour of interface consequence. Where there is doubt whether an interface created a downstream status or only supported evidence, the interpretation preserving GCRI Canada’s non-execution role, public authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, GRF role separation, GRA role separation, Protocol Authority role separation, validity-by-record, correctionability, and public trust shall prevail.

8.32.10(g) Interface controls under this section shall apply to written materials, verbal statements, meeting notes, recordings, transcripts, dashboards, maps, APIs, datasets, repository descriptions, website text, social summaries, event materials, sponsor materials, provider materials, public authority materials, National Company materials, Project SPV materials, host materials, media materials, and public claims.

8.32.10(h) The controlling rule shall be that interfaces create channels for learning, evidence, records, and correction; they do not create public authority, finance, procurement, certification, provider preference, sponsor control, or execution by themselves.

### 8.33 Truth Engine, Compute, and AI Registers

8.33.1 Truth Engine Methods Register.\
8.33.1(a) GCRI Canada shall maintain, or cause to be maintained, a Truth Engine Methods Register for material methods used in Nexus Truth Engine activities, Verifiable Intelligence, Verifiable Compute, source comparison, confidence scoring, uncertainty treatment, dispute handling, correction, public-safe publication, public authority learning, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Observatory outputs, Nexus Rails handoffs, Nexus Grid inputs, Nexus Academy materials, Evidence Packs, Decision Packs, dashboards, maps, APIs, technical baselines, public-good software, and public claims.

8.33.1(b) The Truth Engine Methods Register shall identify method title or identifier, method purpose, method owner, custodian, steward, version, status, scope, evidence classes supported, data classes supported, technology domains supported, risk domains supported, output classes supported, permitted uses, prohibited uses, public-safe status, access class, handling class, confidence relationship, uncertainty relationship, limitation relationship, human review requirement, correction path, supersession path, withdrawal path, retirement path, and archive path.

8.33.1(c) Registered methods may include source comparison methods, corroboration methods, contradiction methods, dispute-handling methods, challenge-handling methods, confidence methods, uncertainty methods, limitation methods, public-safe classification methods, output-class methods, retrieval methods, embedding methods, inference methods, model evaluation methods, compute-verification methods, observability methods, dashboard methods, map methods, benchmark methods, Proof Receipt methods, and correction methods.

8.33.1(d) A method shall not be treated as approved for all uses merely because it is registered, widely used, technically sophisticated, AI-assisted, public-good, open-source, externally accepted, provider-supported, sponsor-supported, public authority-relevant, or previously used in another context.

8.33.1(e) Where a method materially changes, is corrected, is challenged, is found defective, is superseded, is restricted, is retired, or is no longer fit for purpose, the Truth Engine Methods Register shall be updated and affected outputs, records, interfaces, dependencies, and public-safe materials shall be reviewed.

8.33.1(f) The Truth Engine Methods Register shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.33.1(g) The controlling rule shall be that Truth Engine methods must be registered because institutional truth-support depends on knowing which method was used, for what purpose, under what limits, and how it can be corrected.

***

8.33.2 Source Comparison Register.\
8.33.2(a) GCRI Canada shall maintain, or cause to be maintained, a Source Comparison Register for material source comparison events, methods, records, outputs, disputes, challenges, corrections, and dependencies used in Nexus Truth Engine, Nexus Observatory, Verifiable Intelligence, Evidence Packs, Decision Packs, dashboards, maps, public-safe outputs, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, technical baselines, and public claims.

8.33.2(b) The Source Comparison Register shall identify comparison title or identifier, evidence question, source classes compared, source records, dataset records, observability records, public authority records where any, community records where any, provider records where any, sponsor records where any, method used, reviewer, comparison date, source authority, source independence, source reliability, source timeliness, source permission, source bias, source completeness, conflict status, corroboration status, contradiction status, dispute status, confidence effect, uncertainty effect, limitation effect, public-safe status, output relationship, and correction path.

8.33.2(c) Source comparisons may involve sensors, reference sensors, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, geospatial data, Earth observation, satellite data, digital twins, simulations, public records, operator observations, field observations, public authority context, community context, Indigenous or protected knowledge context, university or laboratory outputs, provider systems, sponsor-supplied data, host data, and historical records.

8.33.2(d) The Register shall distinguish corroborated comparisons, conflicting comparisons, incomplete comparisons, stale comparisons, missing-source comparisons, contested comparisons, spoof-risk comparisons, tamper-risk comparisons, provider-influenced comparisons, sponsor-influenced comparisons, public authority-sensitive comparisons, protected-knowledge-sensitive comparisons, and public-safe comparisons.

8.33.2(e) Where source comparison status changes because a source is corrected, reclassified, restricted, superseded, withdrawn, retracted, disputed, found stale, found biased, found unauthorized, or found unsafe, GCRI Canada shall update the Register and review affected confidence, uncertainty, limitations, outputs, and dependencies.

8.33.2(f) The Source Comparison Register shall not create official truth, public authority meaning, finance-readiness, certification, recognition, protocol effect, provider preference, sponsor approval, public warning, emergency command, or execution consequence by default.

8.33.2(g) The controlling rule shall be that source comparison must be registered because evidence becomes trustworthy only when the institution can show which sources were compared, how conflicts were handled, and what limits remain.

***

8.33.3 Confidence Rules Register.\
8.33.3(a) GCRI Canada shall maintain, or cause to be maintained, a Confidence Rules Register for material confidence methods, confidence thresholds, confidence scoring rules, confidence display rules, confidence downgrade rules, confidence update rules, confidence change logs, and confidence-related public-safe controls used by or on behalf of GCRI Canada.

8.33.3(b) The Confidence Rules Register shall identify rule title or identifier, purpose, owner, custodian, steward, version, applicable evidence classes, data classes, source classes, output classes, technology domains, risk domains, public-safe uses, controlled-room uses, public authority uses, GRF uses, GRA uses, Protocol Authority uses, provider-facing uses, sponsor-facing uses, dashboard uses, map uses, API uses, and correction path.

8.33.3(c) Confidence rules shall identify inputs, including source quality, source authority, corroboration, independence, timeliness, calibration, completeness, reproducibility, review status, model evaluation, retrieval grounding, compute integrity, method reliability, data quality, public-safe status, and context.

8.33.3(d) Confidence downgrade rules shall address conflict, staleness, missing data, spoof risk, tamper risk, data corruption, bias, model uncertainty, hallucination risk, retrieval weakness, embedding weakness, public authority ambiguity, finance-boundary risk, provider influence, sponsor influence, protected knowledge constraints, public-safe limits, and correction status.

8.33.3(e) Confidence rules shall identify thresholds for internal use, controlled-room use, public-safe release, public authority learning, GRF input, GRA input, Protocol Authority input, dashboard display, map display, API exposure, publication, correction, supersession, withdrawal, and retraction where applicable.

8.33.3(f) Confidence rules shall require uncertainty pairing and limitation treatment. No confidence rule shall authorize confidence to be displayed, marketed, cited, visualized, or reused as rating, certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, protocol effect, public warning, emergency command, operational clearance, or execution readiness by default.

8.33.3(g) Where a confidence rule is changed, corrected, restricted, superseded, or retired, GCRI Canada shall review affected confidence scores, dashboards, maps, reports, Evidence Packs, Decision Packs, GRF inputs, GRA inputs, Protocol Authority inputs, public-safe outputs, and public claims.

8.33.3(h) The controlling rule shall be that confidence rules must be registered because confidence is not a label; it is a governed interpretation of evidence quality and uncertainty.

***

8.33.4 Compute Workload Register.\
8.33.4(a) GCRI Canada shall maintain, or cause to be maintained, a Compute Workload Register for material compute workloads supporting GCRI Canada outputs, Nexus Truth Engine activities, Verifiable Compute, Verifiable Intelligence, Nexus Observatory activities, AI outputs, model evaluation, dataset processing, evidence assembly, dashboards, maps, APIs, public-good software, technical baselines, public-safe publication, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, host materials, community-facing materials, and public claims.

8.33.4(b) The Compute Workload Register shall identify workload title or identifier, workload purpose, owner, custodian, steward, requesting function, approving actor where applicable, source records, dataset records, model records, code records, method records, compute environment, jurisdiction, provider where any, infrastructure type, data class, evidence class, output class, access class, handling class, public-safe status, public authority status, finance-facing status where material, protected knowledge status, and correction path.

8.33.4(c) The Register shall identify input data, permissions, lawful basis where applicable, cross-border status, sovereign data status, compute-to-data status, secure enclave status, confidential computing status, air-gapped status, logging status, signing status, hashing status, attestation status, reproducibility notes, human review status, output identity, output classification, retention treatment, deletion treatment, sealing treatment, archive treatment, and legal hold status.

8.33.4(d) Compute workloads shall be distinguished by status, including proposed, approved, active, completed, restricted, suspended, corrected, rerun, superseded, failed, withdrawn, retired, archived, prohibited, and under review.

8.33.4(e) Where a compute workload is misclassified, unauthorized, unlogged, insecure, cross-border defective, public-safe defective, privacy-defective, cyber-defective, sovereign-data-defective, protected-knowledge-defective, boundary-defective, or correction-defective, GCRI Canada shall restrict, hold, rerun, correct, supersede, withdraw, retire, archive, or prohibit the workload as appropriate.

8.33.4(f) The Compute Workload Register shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, market authority, infrastructure operation, or execution consequence by default.

8.33.4(g) The controlling rule shall be that compute workloads must be registered because evidence shaped by compute must remain traceable to purpose, inputs, environment, review, output, and correction path.

***

8.33.5 Compute Environment Register.\
8.33.5(a) GCRI Canada shall maintain, or cause to be maintained, a Compute Environment Register for material compute environments used by or on behalf of GCRI Canada, including public cloud, private cloud, sovereign cloud, edge compute, on-premise compute, high-performance compute, secure enclave, confidential computing, compute-to-data, air-gapped, no-download, controlled-room, clean-room, data-room, university, public authority, provider, sponsor-supported, and public-good software environments.

8.33.5(b) The Compute Environment Register shall identify environment title or identifier, owner, custodian, steward, provider where any, jurisdiction, cloud region where applicable, infrastructure type, approved workload classes, prohibited workload classes, data classes supported, evidence classes supported, output classes supported, access class, handling class, public-safe status, sovereign data status, public authority status, protected knowledge status, cyber-sensitive status, and correction path.

8.33.5(c) The Register shall identify identity and access controls, least privilege, segmentation, isolation, logging, monitoring, security telemetry, key management, token management, secrets management, credential controls, encryption status, backup treatment, disaster recovery treatment, exit readiness, decommissioning path, incident path, retention treatment, deletion treatment, sealing treatment, archive path, and legal hold treatment.

8.33.5(d) The Register shall distinguish approved, restricted, experimental, sandbox, controlled-room only, sovereign-only, compute-to-data only, air-gapped, no-download, suspended, deprecated, retired, archived, and prohibited environments.

8.33.5(e) A compute environment shall not be treated as authorized merely because it is commercially reputable, public-sector-used, provider-certified, sponsor-supported, locally hosted, cloud-secure, technically advanced, or previously approved for another workload.

8.33.5(f) Where an environment’s legal, privacy, cybersecurity, sovereign data, public authority, protected knowledge, provider, sponsor, or public-safe posture changes materially, GCRI Canada shall update the Register and review affected workloads, outputs, dependencies, and interface records.

8.33.5(g) The Compute Environment Register shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, infrastructure operation, or execution consequence by default.

8.33.5(h) The controlling rule shall be that compute environments must be registered because where compute happens determines what law, access, security, sovereignty, and correction controls apply.

***

8.33.6 Model Register.\
8.33.6(a) GCRI Canada shall maintain, or cause to be maintained, a Model Register for material AI, machine learning, statistical, simulation, digital twin, generative, agentic, retrieval, embedding, classification, forecasting, risk, inference, sensor-fusion, geospatial, cyber, climate, infrastructure, resilience, and public-safe communication systems used by or on behalf of GCRI Canada.

8.33.6(b) The Model Register shall identify model title or identifier, model family, model type, provider, developer where any, owner where known, GCRI Canada owner or responsible function, custodian, steward, version, release status, deployment context, access method, approved environments, permitted uses, prohibited uses, audience, risk class, output class compatibility, data access, training data status where known, fine-tuning status, retrieval sources, embedding stores, evaluation status, incident history, restriction history, suspension history, deprecation history, retirement status, and correction path.

8.33.6(c) The Register shall distinguish proposed, experimental, sandbox, evaluation, restricted, approved for specific use, approved for controlled-room use, approved for public-safe support, production-supporting, suspended, reinstated, deprecated, superseded, withdrawn, retired, archived, and prohibited models.

8.33.6(d) The Model Register shall identify required Model Cards, System Cards, Dataset Cards, Benchmark Cards, Evaluation Harness Records, Inference Records, Human Review Records, access controls, logging controls, monitoring controls, human review requirements, output review requirements, public-safe controls, incident pathways, lifecycle records, and correction paths.

8.33.6(e) A model shall not be authorized for material use merely because it is registered, commercially reputable, widely used, open-source, high-performing, provider-promoted, sponsor-supported, benchmarked externally, public-sector-used, or technically convenient.

8.33.6(f) Where a model is corrected, restricted, suspended, reinstated, deprecated, retired, withdrawn, prohibited, replaced, or incident-affected, GCRI Canada shall update the Model Register and review affected outputs, workflows, records, dependencies, and public-safe materials.

8.33.6(g) The Model Register shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.33.6(h) The controlling rule shall be that models must be registered because model identity, version, purpose, data access, risk, evaluation, and lifecycle status shape every output the model touches.

***

8.33.7 Dataset Register.\
8.33.7(a) GCRI Canada shall maintain, or cause to be maintained, a Dataset Register for material datasets used by or on behalf of GCRI Canada in evidence work, model governance, retrieval, embedding, training where authorized, fine-tuning where authorized, evaluation, benchmarking, Verifiable Compute, Verifiable Intelligence, Nexus Truth Engine activities, Nexus Observatory activities, public-safe publication, public authority learning, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, APIs, Evidence Packs, Decision Packs, technical baselines, public-good software, provider materials, sponsor materials, host materials, community-facing materials, and public claims.

8.33.7(b) The Dataset Register shall identify dataset title or identifier, dataset type, owner where known, GCRI Canada owner or responsible function where applicable, custodian, steward, contributor, source, provenance, version, license, permissions, consent or non-consent treatment where applicable, lawful basis where applicable, use limits, data class, evidence class, technology domain, risk domain, public-safe status, access class, handling class, public authority status, personal information status, health-sensitive status, cyber-sensitive status, infrastructure-sensitive status, sovereign data status, community-protected status, Indigenous or protected knowledge status, finance-sensitive status, commercial sensitivity, export-control sensitivity, sanctions sensitivity, AI-use status, training-use status, embedding-use status, retrieval-use status, transfer status, retention status, and correction path.

8.33.7(c) The Dataset Register shall distinguish proposed datasets, approved datasets, restricted datasets, controlled-room datasets, public-safe datasets, training-prohibited datasets, embedding-prohibited datasets, retrieval-prohibited datasets, publication-prohibited datasets, public authority-restricted datasets, finance-sensitive datasets, provider-sensitive datasets, sponsor-sensitive datasets, community-protected datasets, protected knowledge datasets, corrected datasets, superseded datasets, withdrawn datasets, retracted datasets, suspended datasets, reinstated datasets, retired datasets, archived datasets, and prohibited datasets.

8.33.7(d) Dataset entries shall link to Dataset Cards, source records, data lineage records, transformation records, quality records, bias records, completeness records, timeliness records, de-identification records, redaction records, aggregation records, sealing records, deletion records, retention records, access logs, model records, compute records, output records, correction records, and dependency records where applicable.

8.33.7(e) Where dataset authority, classification, permission, quality, public-safe status, access control, transfer status, AI-use status, or correction status changes, GCRI Canada shall update the Dataset Register and review affected models, embeddings, retrieval systems, outputs, dashboards, maps, publications, and dependencies.

8.33.7(f) The Dataset Register shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, infrastructure operation, or execution consequence by default.

8.33.7(g) The controlling rule shall be that datasets must be registered because data authority, sensitivity, quality, permission, and correction status determine whether evidence and AI outputs can be trusted.

***

8.33.8 System Card Register.\
8.33.8(a) GCRI Canada shall maintain, or cause to be maintained, a System Card Register for material technical systems used by or on behalf of GCRI Canada, including model-enabled systems, AI-assisted systems, retrieval systems, embedding systems, inference systems, dashboard systems, map systems, API systems, dataset systems, evidence-routing systems, observability systems, compute environments, secure research environments, controlled-room systems, data-room systems, clean-room systems, public-good software systems, technical baseline systems, benchmark systems, validation systems, correction workflow systems, source-comparison systems, confidence-scoring systems, uncertainty-treatment systems, and public-safe publication systems.

8.33.8(b) The System Card Register shall identify system title or identifier, system type, owner, custodian, steward, provider where any, developer where any, host where any, sponsor support where any, version, release status, deployment context, purpose, architecture status, data-flow status, model-flow status, access class, handling class, public-safe status, approved uses, prohibited uses, supported output classes, supported audiences, risk class, review status, incident status, correction path, supersession path, retirement path, archive path, and dependency links.

8.33.8(c) Each System Card entry shall link to applicable Model Register entries, Dataset Register entries, Compute Environment entries, Compute Workload entries, Benchmark Card entries, Evaluation Harness Records, Inference Records, Retrieval and Embedding Records, access-control records, logging records, monitoring records, incident records, correction records, and public-safe output records.

8.33.8(d) The System Card Register shall distinguish proposed systems, experimental systems, sandbox systems, approved systems, restricted systems, controlled-room systems, public-safe systems, public authority-facing systems, finance-facing systems, GRF-facing systems, GRA-facing systems, Protocol Authority-facing systems, suspended systems, corrected systems, superseded systems, deprecated systems, retired systems, archived systems, and prohibited systems.

8.33.8(e) Where system architecture, data flows, model flows, permissions, deployment context, output class, audience, risk class, incident status, or correction status changes materially, GCRI Canada shall update the System Card Register and review affected outputs, dependencies, and public-safe materials.

8.33.8(f) The System Card Register shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, infrastructure operation, or execution consequence by default.

8.33.8(g) The controlling rule shall be that systems must be registered because institutional risk arises from how data, models, people, tools, interfaces, and outputs interact.

***

8.33.9 Benchmark Card Register.\
8.33.9(a) GCRI Canada shall maintain, or cause to be maintained, a Benchmark Card Register for material benchmarks, tests, validation sprints, evaluation harnesses, performance comparisons, stress tests, negative tests, adversarial tests, public-safe tests, model evaluations, provider demonstrations, technical baseline tests, public-good software tests, observability tests, sensor tests, AI-RAN tests, O-RAN tests, cyber tests, geospatial tests, digital twin tests, simulation tests, secure compute tests, and other comparative or evaluative exercises.

8.33.9(b) The Benchmark Card Register shall identify benchmark title or identifier, benchmark type, owner, custodian, steward, sponsor where any, provider where any, host where any, public authority observer where any, version, status, purpose, scope, dataset, method, conditions, metrics, limitations, bias treatment, failure-mode treatment, reproducibility status, negative-test status, adversarial-test status, edge-case status, public-safe status, approved claims, prohibited claims, review status, correction path, supersession path, withdrawal path, retraction path where applicable, retirement path, archive path, and dependency links.

8.33.9(c) Benchmark entries shall identify whether results may be used for internal technical review, controlled-room review, public-safe publication, GRF input, GRA input, Protocol Authority input, public authority learning, provider-facing materials, sponsor-facing materials, Academy materials, technical baseline support, public-good software support, or correction only.

8.33.9(d) Benchmark entries shall identify prohibited interpretations, including no certification, no ranking, no procurement preference, no finance-readiness, no provider endorsement, no sponsor approval, no public authority approval, no protocol effect, no guarantee, no public warning, and no execution readiness by default.

8.33.9(e) Where a benchmark is corrected, challenged, rerun, reclassified, restricted, downgraded, superseded, withdrawn, retracted, retired, or archived, GCRI Canada shall update the Benchmark Card Register and review affected public-safe materials, provider materials, sponsor materials, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, and public claims.

8.33.9(f) The Benchmark Card Register shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, infrastructure operation, or execution consequence by default.

8.33.9(g) The controlling rule shall be that benchmarks must be registered because tests become dangerous when their limits, conditions, influence controls, and prohibited claims are not visible.

***

8.33.10 Inference Register.\
8.33.10(a) GCRI Canada shall maintain, or cause to be maintained, an Inference Register for material AI outputs, model-supported outputs, retrieval-supported outputs, embedding-supported outputs, classifier outputs, summarizer outputs, translator outputs, evaluator outputs, dashboard inferences, map inferences, API inferences, technical baseline inferences, public-good software inferences, and correction inferences used by or on behalf of GCRI Canada.

8.33.10(b) The Inference Register shall identify inference title or identifier, model, model version, system, system version, workload, environment, user or actor, date, purpose, input class, retrieval sources where applicable, embedding store where applicable, output class, output use status, classification, access class, handling class, public-safe status, confidence, uncertainty, limitations, human review status, reviewer where applicable, correction path, supersession path, withdrawal path, retraction path where applicable, retention status, archive path, and dependency links.

8.33.10(c) The Register shall distinguish draft inferences, internal inferences, controlled inferences, public-safe inferences, public authority-facing inferences, GRF-facing inferences, GRA-facing inferences, Protocol Authority-facing inferences, Observatory-facing inferences, Rails-facing inferences, Academy-facing inferences, provider-facing inferences, sponsor-facing inferences, host-facing inferences, community-facing inferences, rejected inferences, corrected inferences, superseded inferences, withdrawn inferences, retracted inferences, restricted inferences, sealed inferences, retired inferences, and archived inferences.

8.33.10(d) Inference entries shall link to Model Register entries, System Card entries, Dataset Register entries, Retrieval and Embedding Records, Compute Workload Records, Human Review Records, Output Class Register entries, Publication and Public-Safe Output Register entries, Correction Register entries, Dependency Register entries, and public claims records where applicable.

8.33.10(e) Where inference output is corrected, reclassified, rejected, restricted, superseded, withdrawn, retracted, sealed, archived, or incident-affected, GCRI Canada shall update the Inference Register and review affected outputs and dependencies.

8.33.10(f) The Inference Register shall not create truth, official decision, public warning, public authority meaning, finance-readiness, certification, recognition, protocol effect, procurement approval, provider preference, sponsor approval, operational clearance, or execution consequence by default.

8.33.10(g) The controlling rule shall be that inferences must be registered because AI outputs are easily copied, reused, and relied upon after their source, status, limits, and correction path have been forgotten.

***

8.33.11 Agentic AI Register.\
8.33.11(a) GCRI Canada shall maintain, or cause to be maintained, an Agentic AI Register for material agentic AI systems, autonomous or semi-autonomous model workflows, tool-using AI systems, AI orchestration layers, multi-agent systems, retrieval agents, coding agents, research agents, publication agents, dashboard agents, map agents, repository agents, data-processing agents, monitoring agents, correction agents, and interface agents used by or on behalf of GCRI Canada.

8.33.11(b) The Agentic AI Register shall identify agent title or identifier, purpose, model, model version, system, system version, owner, custodian, steward, provider where any, deployment environment, approved workload, approved users, approved tools, tool permission map, approved actions, prohibited actions, data access, retrieval sources, embedding stores, memory status where applicable, external communication status, publication status, code execution status, repository access status, deletion authority status, approval gates, logging controls, monitoring controls, kill switch, suspension path, incident path, correction path, retirement path, and archive path.

8.33.11(c) The Register shall distinguish proposed agents, experimental agents, sandbox agents, internal-only agents, controlled-room agents, public-safe-support agents, code-suggestion agents, code-execution agents, repository-write agents, dashboard agents, map agents, publication agents, communication agents, suspended agents, restricted agents, corrected agents, deprecated agents, retired agents, archived agents, and prohibited agents.

8.33.11(d) Agentic AI entries shall identify approval gates for external communication, publication, data movement, code execution, repository changes, contractual acts, public authority contact, financial references, security changes, deletion, sealing, archiving, reclassification, withdrawal, retraction, and correction.

8.33.11(e) Where agentic permissions, tools, memory, retrieval sources, model version, environment, external communication ability, code execution ability, publication ability, repository access, deletion ability, or incident status changes, GCRI Canada shall update the Agentic AI Register and review affected records, outputs, dependencies, and controls.

8.33.11(f) The Agentic AI Register shall not create authority to bind GCRI Canada, issue public warnings, make decisions, move data, publish externally, execute code, change repositories, contact public authorities, create finance references, change security settings, delete records, certify, recognize, approve, endorse, rate, guarantee, or execute by default.

8.33.11(g) The controlling rule shall be that agentic AI must be registered because AI systems that can act require explicit permission maps, approval gates, logs, kill switches, and correction paths.

***

8.33.12 AI Incident Register.\
8.33.12(a) GCRI Canada shall maintain, or cause to be maintained, an AI Incident Register for material AI incidents, suspected AI incidents, near misses, prohibited-action attempts, control failures, public overclaims, boundary breaches, model restrictions, model suspensions, output withdrawals, public-safe corrections, controlled notices, and post-incident reviews.

8.33.12(b) The AI Incident Register shall identify incident title or identifier, incident type, severity classification, date detected, date occurred where known, detecting actor, reporting actor, affected model, affected system, affected agent where any, affected retrieval source, affected embedding store, affected dataset, affected compute workload, affected environment, affected output, affected public-safe material, affected public authority material, affected GRF input, affected GRA input, affected Protocol Authority input, affected dashboard, affected map, affected technical baseline, affected provider material, affected sponsor material, affected community material, affected public claim, and affected dependencies.

8.33.12(c) The Register shall identify data affected, evidence affected, confidence effect, uncertainty effect, limitation effect, public-safe effect, privacy effect, cybersecurity effect, sovereign data effect, public authority effect, finance effect, provider effect, sponsor effect, protected knowledge effect, community effect, legal effect, public trust effect, and downstream dependency effect.

8.33.12(d) The Register shall identify containment actions, notification decisions, correction actions, model restriction decisions, system restriction decisions, retrieval correction decisions, embedding correction decisions, output withdrawal decisions, retraction decisions, public-safe correction notices, controlled notices, legal review, Board or committee reporting, independent review, residual risk, closeout requirements, closeout date, and archive treatment.

8.33.12(e) The AI Incident Register shall distinguish hallucination incidents, data leakage incidents, unauthorized agent action incidents, unsafe output incidents, bias incidents, discrimination incidents, exclusion incidents, harm incidents, model drift incidents, performance degradation incidents, retrieval leakage incidents, embedding leakage incidents, cross-context contamination incidents, public overclaim incidents, boundary breach incidents, vendor AI incidents, public AI tool misuse incidents, and correction failure incidents.

8.33.12(f) AI Incident Register access shall be controlled where entries involve personal information, rights-bearing data, public authority restricted material, cyber-sensitive information, infrastructure-sensitive information, sovereign data, protected knowledge, community-sensitive information, confidential source information, privileged materials, legal sensitivity, finance sensitivity, commercial sensitivity, controlled technology, export-control, sanctions, or other restricted materials.

8.33.12(g) The AI Incident Register shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution consequence by default.

8.33.12(h) The controlling rule shall be that AI incidents must be registered because institutional memory of model failure, unsafe output, data exposure, and boundary breach is necessary for correction and trust.

***

8.33.13 Proof Receipt Register.\
8.33.13(a) GCRI Canada shall maintain, or cause to be maintained, a Proof Receipt Register for material Proof Receipts issued, accepted, referenced, corrected, superseded, revoked, withdrawn, retracted, sealed, archived, or summarized by or on behalf of GCRI Canada.

8.33.13(b) The Proof Receipt Register shall identify receipt title or identifier, receipt type, event type, underlying record, artifact, dataset, model, software, compute workload, Observatory event, Truth Engine event, publication event, correction event, issuing actor or system, owner, custodian, steward, timestamp, hash or commitment where applicable, signature where applicable, anchoring method, anchoring location, DLT network where applicable, public-safe status, access class, handling class, permitted use, prohibited use, limitations, correction path, supersession path, revocation path, withdrawal path, retraction path where applicable, archive path, and dependency links.

8.33.13(c) The Register shall distinguish proposed receipts, issued receipts, internal receipts, controlled receipts, public-safe receipts, Protocol Authority interface receipts, GRF interface receipts, GRA interface receipts, Observatory receipts, Truth Engine receipts, compute receipts, dataset receipts, model receipts, software receipts, publication receipts, correction receipts, superseded receipts, revoked receipts, withdrawn receipts, retracted receipts, sealed receipts, retired receipts, archived receipts, and prohibited receipts.

8.33.13(d) Proof Receipt entries shall state what the receipt proves and what it does not prove. A Proof Receipt may evidence record existence, identity, version, timestamp, signature, hash, anchoring, sequence, custody, or tamper-evidence, but shall not by default prove truth, completeness, legality, public-safe status, certification, recognition, finance-readiness, public authority approval, provider endorsement, sponsor approval, protocol effect, operational clearance, or execution readiness.

8.33.13(e) Where a Proof Receipt is corrected, superseded, revoked, withdrawn, retracted, sealed, archived, or misused, GCRI Canada shall update the Register and review affected records, public-safe summaries, interface records, dependencies, and public claims.

8.33.13(f) Public-safe Proof Receipt summaries may be linked to the Register only where disclosure is lawful, safe, non-misleading, and consistent with restricted data, protected knowledge, privacy, cybersecurity, public authority, finance, provider, sponsor, and correction controls.

8.33.13(g) The Proof Receipt Register shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, infrastructure operation, or execution consequence by default.

8.33.13(h) The controlling rule shall be that Proof Receipts must be registered because technical receipts are useful only when their scope, limits, status, dependencies, and correction paths are visible.

***

8.33.14 Public-Safe AI Output Register.\
8.33.14(a) GCRI Canada shall maintain, or cause to be maintained, a Public-Safe AI Output Register for material public-safe AI outputs, model-supported outputs, Truth Engine outputs, Verifiable Compute outputs, Verifiable Intelligence outputs, Observatory outputs, dashboard outputs, map outputs, API outputs, dataset outputs, reports, technical notes, public-good software documentation, technical baseline summaries, Academy materials, public authority learning materials, GRF-facing public-safe materials, GRA-facing public-safe materials, Protocol Authority-facing public-safe materials, provider-facing public-safe materials, sponsor-facing public-safe materials, host-facing public-safe materials, community-facing public-safe materials, media materials, event materials, website materials, repository descriptions, and public claims involving AI-supported content.

8.33.14(b) The Public-Safe AI Output Register shall identify output title or identifier, output type, owner, custodian, steward, source records, dataset records, model records, system records, compute records where applicable, inference records, human review records, public-safe review records, version, release date, channel, intended audience, public-safe status, access status, publication status, confidence, uncertainty, limitations, AI-use disclosure where appropriate, public-safe omissions, boundary language, permitted use, prohibited use, correction path, supersession path, withdrawal path, retraction path where applicable, archive path, and dependency links.

8.33.14(c) The Register shall distinguish proposed public-safe AI outputs, approved public-safe AI outputs, released public-safe AI outputs, controlled-public outputs, public authority learning outputs, GRF-facing outputs, GRA-facing outputs, Protocol Authority-facing outputs, Observatory outputs, dashboard outputs, map outputs, API outputs, dataset outputs, technical baseline summaries, public-good software outputs, Academy outputs, corrected outputs, superseded outputs, withdrawn outputs, retracted outputs, restricted outputs, deprecated outputs, archived outputs, and prohibited outputs.

8.33.14(d) The Register shall identify where the output is displayed, published, hosted, mirrored, cited, embedded, API-exposed, dashboard-exposed, map-exposed, repository-exposed, socialized, included in event materials, included in sponsor materials, included in provider materials, included in public authority materials, included in GRF materials, included in GRA materials, included in Protocol Authority materials, or otherwise made available externally.

8.33.14(e) Where a public-safe AI output becomes inaccurate, stale, unsafe, overclaimed, misclassified, misused, superseded, withdrawn, retracted, restricted, or incident-affected, GCRI Canada shall update the Register and review affected dependencies and correction obligations.

8.33.14(f) The Public-Safe AI Output Register shall not create certification, recognition, finance-readiness, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, market authority, infrastructure operation, or execution consequence by default.

8.33.14(g) The controlling rule shall be that public-safe AI outputs must be registered because external AI-supported materials must remain findable, versioned, bounded, monitored, and correctable.

***

8.33.15 Correction, Supersession, Withdrawal, Retraction, Restriction, Suspension, Retirement, and Archive Register.\
8.33.15(a) GCRI Canada shall maintain, or cause to be maintained, a Correction, Supersession, Withdrawal, Retraction, Restriction, Suspension, Retirement, and Archive Register for material events affecting Truth Engine methods, source comparisons, confidence rules, compute workloads, compute environments, models, datasets, systems, benchmarks, inferences, agentic AI systems, AI incidents, Proof Receipts, public-safe AI outputs, Evidence Packs, Decision Packs, dashboards, maps, APIs, technical baselines, public-good software, public authority materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, host materials, community-facing materials, media materials, and public claims.

8.33.15(b) The Register shall identify event title or identifier, event type, affected record, affected artifact, affected output, affected register entry, affected interface, prior status, new status, reason, source of change, reviewer, approving actor where applicable, effective date, version relationship, correction basis, supersession basis, withdrawal basis, retraction basis where applicable, restriction basis, suspension basis, retirement basis, archive basis, public-safe status, access class, handling class, notice decision, dependency impact, residual risk, closeout status, and archive treatment.

8.33.15(c) Correction events shall identify inaccurate, incomplete, stale, unsafe, misclassified, overclaimed, source-defective, data-defective, method-defective, model-defective, compute-defective, inference-defective, public-safe-defective, public authority-defective, finance-boundary-defective, provider-neutrality-defective, sponsor-control-defective, protected-knowledge-defective, privacy-defective, cyber-defective, sovereign-data-defective, or correction-defective records or outputs.

8.33.15(d) Supersession events shall identify replacement records, replacement outputs, replacement versions, continuing validity where any, discontinued reliance where any, changed evidence, changed method, changed model, changed dataset, changed compute, changed confidence, changed uncertainty, changed classification, changed public-safe status, changed boundary language, and changed correction path.

8.33.15(e) Withdrawal and retraction events shall identify why active use, publication, reliance, public-safe status, interface routing, citation, dashboard exposure, map exposure, API exposure, or public claim status must cease or be publicly corrected, while preserving institutional memory and dependency review.

8.33.15(f) Restriction and suspension events shall identify narrowed uses, prohibited uses, affected data classes, affected output classes, affected audiences, interim controls, reinstatement conditions, notice decisions, and closeout requirements.

8.33.15(g) Retirement and archive events shall identify prohibited future uses, permitted archive uses, retained records, sealed records, deleted records, legal hold status, access restrictions, retrieval limits, public-safe summaries where any, dependency links, and future correction obligations.

8.33.15(h) The Register shall be linked, where applicable, to all affected registers and records, including Evidence Register entries, Dataset Register entries, Model Register entries, System Card entries, Benchmark Card entries, Compute Workload Records, Compute Environment Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Agentic AI Records, AI Incident Records, Proof Receipt Records, Publication and Public-Safe Output Records, Correction Records, Dependency Records, Truth Engine audit logs, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.33.15(i) The Register shall not create certification, recognition, finance-readiness, investment advice, public authority decision, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning, emergency command, protocol effect, operational clearance, legal status, professional advice, market authority, infrastructure operation, or execution consequence by default.

8.33.15(j) The controlling rule shall be that every material change in truth-supporting, compute, model, dataset, system, benchmark, inference, agentic, proof, public-safe, or correction status must be registered because institutional trust depends on being able to see not only what is current, but what changed, why it changed, and what must no longer be relied upon.

### 8.34 Truth Engine, Compute, and AI Assurance

8.34.1 Periodic Truth Engine Methods Assurance.\
8.34.1(a) GCRI Canada shall maintain periodic assurance of Nexus Truth Engine methods used by or on behalf of GCRI Canada, including methods for source comparison, corroboration, contradiction handling, dispute handling, confidence scoring, uncertainty treatment, limitation statements, output classification, public-safe publication, correction, Verifiable Intelligence, Verifiable Compute, observability interpretation, dashboard interpretation, map interpretation, Evidence Pack support, Decision Pack support, public authority learning, GRF inputs, GRA inputs, Protocol Authority inputs, Nexus Rails handoffs, Nexus Grid inputs, Nexus Academy materials, public-good software, technical baselines, and public claims.

8.34.1(b) Truth Engine methods assurance shall review whether methods remain current, documented, versioned, records-valid, source-lined, reviewable, challengeable, public-safe, role-bounded, correctionable, and consistent with GCRI Canada’s public-benefit, non-executing, evidence-and-methods mandate.

8.34.1(c) Assurance shall assess whether registered methods are being used only for recorded purposes, approved evidence classes, data classes, output classes, audiences, technology domains, risk domains, public-safe statuses, public authority contexts, finance contexts, provider contexts, sponsor contexts, community contexts, protected knowledge contexts, and interface contexts.

8.34.1(d) Assurance shall identify method drift, undocumented method change, inconsistent method application, obsolete method use, unsupported method extension, excessive automation, false precision, inadequate human review, inadequate confidence treatment, inadequate uncertainty treatment, inadequate limitation treatment, public-safe weakness, boundary-language weakness, and correction-path weakness.

8.34.1(e) Assurance shall review whether Truth Engine methods continue to preserve the distinction between evidence support and official truth, public authority decision, finance-readiness, recognition, certification, protocol effect, procurement approval, provider preference, sponsor approval, public warning, emergency command, operational clearance, infrastructure operation, market authority, legal status, professional advice, or execution consequence.

8.34.1(f) Assurance may include sampling, record review, method replay where appropriate, independent review, challenge testing, public-safe review, interface review, model-use review, retrieval review, source-lineage review, correction review, and comparison against the Truth Engine Methods Register.

8.34.1(g) Where assurance identifies method defects, GCRI Canada shall require method correction, version update, restriction, suspension, supersession, retirement, training update, output review, dependency review, public-safe correction, controlled notice, or Board or committee reporting where appropriate.

8.34.1(h) The controlling rule shall be that Truth Engine methods require periodic assurance because methods that are not reviewed can quietly become authority, drift, or uncorrectable institutional practice.

***

8.34.2 Source Comparison Assurance.\
8.34.2(a) GCRI Canada shall maintain periodic assurance of material source comparison practices used in Nexus Truth Engine activities, Nexus Observatory activities, Verifiable Intelligence, Evidence Packs, Decision Packs, dashboards, maps, APIs, public-safe outputs, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, technical baselines, and public claims.

8.34.2(b) Source comparison assurance shall review whether source comparisons identify source authority, source independence, source reliability, source timeliness, source permission, source bias, source completeness, provenance, custody, public-safe status, source version, correction status, dispute status, and limitation status.

8.34.2(c) Assurance shall examine whether comparisons involving sensors, reference sensors, AI-RAN signals, O-RAN signals, private wireless signals, DePIN telemetry, cyber logs, geospatial data, Earth observation, satellite data, digital twins, simulations, public records, public authority context, community context, Indigenous or protected knowledge context, provider systems, sponsor-supplied data, host data, university or laboratory outputs, and historical records are treated according to their source class and risk.

8.34.2(d) Assurance shall assess whether corroboration is treated as method-based agreement rather than automatic truth, whether contradiction is treated as an evidence event requiring review, and whether missing, stale, spoofed, tampered, corrupted, incomplete, contested, synthetic, model-generated, or biased sources are properly qualified.

8.34.2(e) Assurance shall review whether source conflicts, public authority challenges, community challenges, provider challenges, sponsor challenges, host challenges, capital-reader challenges, and reviewer challenges are recorded, routed, resolved, qualified, downgraded, suspended, corrected, superseded, withdrawn, retracted, or archived as appropriate.

8.34.2(f) Assurance shall identify whether source comparisons are being overused to imply official truth, public warnings, emergency commands, finance-readiness, recognition, certification, provider ranking, sponsor validation, protocol effect, procurement relevance, or execution consequence.

8.34.2(g) Where source comparison assurance identifies defects, GCRI Canada shall require source re-check, comparison correction, confidence downgrade, uncertainty revision, limitation update, output correction, dashboard correction, map correction, public-safe correction, dependency review, or interface notice where appropriate.

8.34.2(h) The controlling rule shall be that source comparison assurance protects the institution from confusing source aggregation with evidence truth.

***

8.34.3 Confidence Scoring Assurance.\
8.34.3(a) GCRI Canada shall maintain periodic assurance of confidence scoring, confidence rules, confidence thresholds, confidence displays, confidence downgrade practices, confidence updates, confidence change logs, and confidence-related public-safe controls.

8.34.3(b) Confidence scoring assurance shall review whether confidence scores and confidence language are supported by source quality, source authority, corroboration, independence, timeliness, calibration, completeness, reproducibility where appropriate, review status, method reliability, model evaluation, retrieval grounding, compute integrity, data quality, and context.

8.34.3(c) Assurance shall review whether confidence is paired with uncertainty, limitations, source status, method status, model status where applicable, public-safe status, and correction path.

8.34.3(d) Assurance shall assess whether downgrade rules are applied for conflict, staleness, missing data, spoof risk, tamper risk, corruption, bias, model uncertainty, hallucination risk, retrieval weakness, embedding weakness, public authority ambiguity, finance-boundary risk, provider influence, sponsor influence, protected knowledge constraints, public-safe limits, and correction status.

8.34.3(e) Assurance shall review confidence displays in dashboards, maps, reports, APIs, datasets, public-safe summaries, Evidence Packs, Decision Packs, GRF inputs, GRA inputs, Protocol Authority inputs, public authority learning materials, provider materials, sponsor materials, host materials, community-facing materials, Academy materials, and public claims.

8.34.3(f) Assurance shall identify whether confidence scores are being misread, marketed, visualized, excerpted, or reused as ratings, certifications, recognitions, finance-readiness, investment advice, public authority decisions, procurement approvals, provider endorsements, sponsor approvals, protocol effects, public warnings, emergency commands, operational clearances, or execution readiness.

8.34.3(g) Where confidence scoring assurance identifies defects, GCRI Canada shall require confidence recalculation, confidence downgrade, confidence withdrawal, uncertainty revision, limitation update, dashboard relabeling, map relabeling, public-safe correction, controlled notice, training update, or Confidence Rules Register update.

8.34.3(h) The controlling rule shall be that confidence scoring assurance exists to ensure that confidence remains evidence-quality context and never becomes hidden authority.

***

8.34.4 Compute Workload Assurance.\
8.34.4(a) GCRI Canada shall maintain periodic assurance of material compute workloads supporting GCRI Canada outputs, Nexus Truth Engine activities, Verifiable Compute, Verifiable Intelligence, Nexus Observatory activities, model evaluation, dataset processing, evidence assembly, dashboards, maps, APIs, public-good software, technical baselines, public-safe publication, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider materials, sponsor materials, host materials, community-facing materials, and public claims.

8.34.4(b) Compute workload assurance shall review whether workloads are recorded in the Compute Workload Register, linked to appropriate source records, Dataset Cards, Model Register entries, System Cards, Method Register entries, Compute Environment Register entries, Inference Records where applicable, Human Review Records where applicable, output records, correction records, and dependency records.

8.34.4(c) Assurance shall review workload purpose, scope, authority, owner, custodian, data inputs, data classes, permissions, lawful basis where applicable, public authority restrictions, privacy restrictions, cybersecurity restrictions, sovereign data restrictions, protected knowledge restrictions, provider-use limits, sponsor-use limits, transfer limits, retention status, deletion status, sealing status, archive status, and correction path.

8.34.4(d) Assurance shall assess whether compute occurred in an approved environment appropriate to the workload, including public cloud, private cloud, sovereign cloud, secure enclave, confidential computing, compute-to-data, air-gapped, no-download, controlled-room, clean-room, data-room, public authority, university, provider, or sponsor-supported environment where applicable.

8.34.4(e) Assurance shall review logging, signing, hashing, timestamping, tamper-evidence, attestation, reproducibility notes, configuration records, code version, model version, dependency records, output identity, public-safe status, and human review status where material.

8.34.4(f) Assurance shall identify unauthorized compute, unmanaged compute, cross-border defects, insecure environments, missing logs, stale configurations, unreviewed code, unapproved model use, unapproved dataset use, unapproved public-safe output, and compute that creates boundary risk or execution implication.

8.34.4(g) Where compute workload assurance identifies defects, GCRI Canada shall require workload correction, rerun, restriction, suspension, environment change, data movement correction, output hold, output correction, dependency review, incident review, or register update.

8.34.4(h) The controlling rule shall be that compute workload assurance is required because evidence produced by compute is only as reliable as the recorded authority, environment, inputs, configuration, review, and correction path behind the workload.

***

8.34.5 Model Governance Assurance.\
8.34.5(a) GCRI Canada shall maintain periodic assurance of model governance for material AI, machine learning, statistical, simulation, digital twin, generative, agentic, retrieval, embedding, classification, forecasting, risk, inference, sensor-fusion, geospatial, cyber, climate, infrastructure, resilience, and public-safe communication systems used by or on behalf of GCRI Canada.

8.34.5(b) Model governance assurance shall review whether material models are registered, risk-classified, evaluated, limited, monitored, logged, human-reviewed where material, output-reviewed where material, incident-reviewable, lifecycle-managed, and correctionable.

8.34.5(c) Assurance shall assess Model Register entries, Model Cards, System Cards, Dataset Cards, Benchmark Cards, Evaluation Harness Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Compute Workload Records, AI Incident Register entries, Model Lifecycle Records, and dependency records.

8.34.5(d) Assurance shall review model identity, version, provider, owner, custodian, deployment context, purpose, permitted uses, prohibited uses, audience, risk class, output class compatibility, data access, training data status where known, fine-tuning status, retrieval sources, embedding stores, evaluation status, incident history, restriction history, suspension history, deprecation history, retirement status, and correction path.

8.34.5(e) Assurance shall test whether models are being used outside approved purposes, output classes, data classes, audiences, environments, retrieval sources, embedding stores, public-safe statuses, public authority contexts, finance contexts, GRF contexts, GRA contexts, Protocol Authority contexts, provider-facing contexts, sponsor-facing contexts, or community-facing contexts.

8.34.5(f) Assurance shall identify hallucination risk, false citation risk, bias risk, drift risk, unsafe output risk, model-improvement risk, vendor-processing risk, public AI tool risk, data leakage risk, prompt-injection risk, tool-use risk, agentic overreach risk, protected knowledge risk, public-safe risk, public authority overclaim risk, finance overclaim risk, provider preference risk, sponsor validation risk, and correction failure risk.

8.34.5(g) Where model governance assurance identifies defects, GCRI Canada shall require model restriction, suspension, reevaluation, retraining where authorized, prompt revision, retrieval revision, embedding revision, output review escalation, public-safe restriction, lifecycle update, incident review, retirement, replacement review, or affected-output correction.

8.34.5(h) The controlling rule shall be that model governance assurance ensures models remain tools of evidence support, not unreviewed sources of institutional authority.

***

8.34.6 Dataset Governance Assurance.\
8.34.6(a) GCRI Canada shall maintain periodic assurance of dataset governance for material datasets used in evidence work, model governance, retrieval, embedding, training where authorized, fine-tuning where authorized, evaluation, benchmarking, Verifiable Compute, Verifiable Intelligence, Nexus Truth Engine activities, Nexus Observatory activities, public-safe publication, public authority learning, GRF inputs, GRA inputs, Protocol Authority inputs, dashboards, maps, APIs, Evidence Packs, Decision Packs, technical baselines, public-good software, provider materials, sponsor materials, host materials, community-facing materials, and public claims.

8.34.6(b) Dataset governance assurance shall review whether datasets are registered, carded, classified, permissioned, source-lined, provenance-supported, quality-reviewed, bias-reviewed, public-safe-reviewed, access-controlled, transfer-controlled, retention-controlled, deletion-controlled, correctionable, and linked to outputs and dependencies.

8.34.6(c) Assurance shall review dataset identity, owner, custodian, source, provenance, license, permissions, consent or non-consent treatment where applicable, lawful basis where applicable, use limits, data sensitivity, public authority status, personal information status, health-sensitive status, cyber-sensitive status, infrastructure-sensitive status, sovereign data status, finance-sensitive status, community-protected status, Indigenous or protected knowledge status, commercial sensitivity, export-control sensitivity, sanctions sensitivity, AI-use status, training-use status, embedding-use status, retrieval-use status, transfer status, retention status, and correction path.

8.34.6(d) Assurance shall assess dataset quality, completeness, bias, representativeness, timeliness, gaps, limitations, known errors, correction history, supersession history, withdrawal status, retraction status where applicable, and fitness for recorded purpose.

8.34.6(e) Assurance shall review whether datasets are used only for permitted training, fine-tuning, embedding, retrieval, evaluation, evidence, publication, dashboard, map, API, public authority learning, GRF input, GRA input, Protocol Authority input, provider-facing, sponsor-facing, host-facing, community-facing, Academy, technical baseline, or public claim purposes.

8.34.6(f) Assurance shall identify unauthorized dataset use, improper AI training, improper embedding, improper retrieval, improper cross-border transfer, improper public-safe publication, inadequate de-identification, inadequate redaction, inadequate aggregation, uncorrected bias, stale data, unpropagated correction, access-rule breach, and dataset-derived overclaim.

8.34.6(g) Where dataset governance assurance identifies defects, GCRI Canada shall require dataset correction, reclassification, restriction, re-permissioning, deletion, sealing, re-indexing, supersession, withdrawal, retraction, output correction, model review, retrieval review, or downstream dependency review.

8.34.6(h) The controlling rule shall be that dataset governance assurance protects evidence and AI systems from treating unauthorized, poor-quality, stale, biased, or unsafe data as institutional fact.

***

8.34.7 AI Use Assurance.\
8.34.7(a) GCRI Canada shall maintain periodic assurance of AI use across GCRI Canada functions, projects, interfaces, repositories, rooms, dashboards, maps, APIs, public-safe publication workflows, public authority learning workflows, GRF-facing workflows, GRA-facing workflows, Protocol Authority-facing workflows, provider-facing workflows, sponsor-facing workflows, host-facing workflows, community-facing workflows, and Academy workflows.

8.34.7(b) AI use assurance shall review whether AI tools, models, systems, public AI tools, vendor AI services, retrieval systems, embedding systems, model-enabled dashboards, model-enabled maps, model-enabled APIs, and AI-assisted drafting workflows are approved, classified, recorded, reviewed, logged, bounded, and correctionable.

8.34.7(c) Assurance shall assess whether AI outputs affecting evidence, public claims, public authority materials, publications, Docket inputs, Grid inputs, GRA inputs, GRF inputs, Protocol Authority inputs, dashboards, maps, technical baselines, public-good software, provider materials, sponsor materials, host materials, community-facing materials, and correction workflows have Inference Records and Human Review Records where required.

8.34.7(d) Assurance shall review compliance with restrictions on AI training, fine-tuning, embedding, retrieval, model improvement, vendor AI processing, public AI tools, sensitive prompts, uploads, pastes, copies, side channels, deletion pathways, unlearning limits, embedding store controls, and retrieval source review.

8.34.7(e) Assurance shall identify unmanaged AI use, unapproved public AI tool use, unauthorized vendor AI processing, missing inference records, missing human review, model-output overclaim, AI-as-authority risk, hallucination risk, privacy exposure, cybersecurity exposure, protected knowledge exposure, public authority overclaim, finance overclaim, provider preference, sponsor validation, certification implication, recognition implication, protocol implication, public warning implication, and execution implication.

8.34.7(f) Assurance shall include review of AI-use disclosures where appropriate, public-safe boundary language, model-use limitations, output classification, output use status, correction paths, and downstream dependencies.

8.34.7(g) Where AI use assurance identifies defects, GCRI Canada shall require output correction, access restriction, tool restriction, model restriction, vendor restriction, public AI prohibition, training update, human review update, incident review, public-safe correction, controlled notice, or governance escalation.

8.34.7(h) The controlling rule shall be that AI use assurance ensures AI remains a governed support mechanism rather than an unmanaged institutional author.

***

8.34.8 Agentic AI Assurance.\
8.34.8(a) GCRI Canada shall maintain periodic assurance of agentic AI systems, autonomous or semi-autonomous model workflows, tool-using AI systems, AI orchestration layers, multi-agent systems, retrieval agents, coding agents, research agents, publication agents, dashboard agents, map agents, repository agents, data-processing agents, monitoring agents, correction agents, and interface agents.

8.34.8(b) Agentic AI assurance shall review whether each material agent is registered, purpose-bound, tool-mapped, least-privileged, sandboxed, segmented, monitored, logged, human-gated where required, kill-switch-enabled, incident-reviewable, and correctionable.

8.34.8(c) Assurance shall review tool permission maps, approval gates, external communication permissions, publication permissions, data movement permissions, code execution permissions, repository change permissions, contractual-act restrictions, public authority contact restrictions, financial-reference restrictions, security-change restrictions, deletion restrictions, memory status where applicable, action logs, tool logs, memory logs where applicable, agent logs, and incident logs.

8.34.8(d) Assurance shall test prohibited-action controls, permission escalation controls, prompt-injection controls, unauthorized retrieval controls, unauthorized embedding controls, public-safe controls, external communication controls, code execution controls, repository-write controls, dashboard-change controls, map-change controls, deletion controls, security-change controls, and kill-switch functionality where appropriate.

8.34.8(e) Assurance shall identify agentic overreach, self-expanded permissions, unapproved tool use, approval-gate bypass, unlogged actions, unsafe memory, cross-tenant retrieval, cross-program retrieval, cross-entity retrieval, cross-border retrieval, unsafe publication, unauthorized external contact, unauthorized data movement, unsafe code execution, unauthorized repository change, public authority overclaim, finance overclaim, provider preference, sponsor validation, and binding-authority confusion.

8.34.8(f) Agentic AI assurance shall confirm that agents do not bind GCRI Canada, issue public warnings, make official decisions, contact public authorities without authorization, publish externally without human approval, create finance references without review, change security settings without gates, delete records without gates, or perform prohibited functions.

8.34.8(g) Where agentic AI assurance identifies defects, GCRI Canada shall restrict permissions, disable tools, suspend agents, activate kill switches, reconfigure sandboxes, strengthen approval gates, update prompts, update monitoring, update training, correct affected outputs, review incidents, or retire agents as appropriate.

8.34.8(h) The controlling rule shall be that agentic AI assurance must prove that an agent can be trusted not only to answer, but to refrain from acting outside authority.

***

8.34.9 Public-Safe Output Assurance.\
8.34.9(a) GCRI Canada shall maintain periodic assurance of public-safe Truth Engine, compute, AI, Verifiable Intelligence, Observatory, dashboard, map, API, dataset, report, technical note, public-good software, technical baseline, Academy, public authority learning, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, media, event, repository, website, and public claim outputs.

8.34.9(b) Public-safe output assurance shall review whether released outputs remain accurate, current, source-lined, confidence-aware, uncertainty-aware, limitation-aware, boundary-bounded, public-safe, privacy-protective, cybersecurity-safe, sovereignty-compatible, protected-knowledge-safe, provider-neutral, sponsor-non-controlled, correctionable, and consistent with GCRI Canada’s mandate.

8.34.9(c) Assurance shall review titles, summaries, headings, charts, tables, labels, scores, confidence displays, uncertainty displays, dashboard colors, map layers, icons, legends, geospatial precision, API fields, metadata, file names, repository descriptions, captions, public authority references, provider references, sponsor acknowledgments, Nexus references, social summaries, translations, and likely third-party reuse.

8.34.9(d) Assurance shall prioritize high-visibility outputs, high-consequence outputs, public authority-relevant outputs, finance-relevant outputs, GRF-relevant outputs, GRA-relevant outputs, Protocol Authority-relevant outputs, dashboards, maps, APIs, datasets, benchmark summaries, Proof Receipt summaries, AI-generated summaries, provider-relevant outputs, sponsor-relevant outputs, community-facing outputs, protected knowledge-relevant outputs, corrected outputs, disputed outputs, superseded outputs, and outputs with significant downstream dependencies.

8.34.9(e) Assurance shall identify stale public outputs, missing limitations, missing boundary language, omitted uncertainty, misleading confidence, unsafe public-safe omissions, unsafe geospatial detail, public warning implication, public authority implication, finance implication, provider preference, sponsor validation, certification implication, recognition implication, protocol implication, procurement implication, and execution implication.

8.34.9(f) Where public-safe output assurance identifies defects, GCRI Canada shall require correction, supersession, withdrawal, retraction, relabeling, revised boundary language, revised confidence treatment, revised uncertainty treatment, revised limitation statements, dashboard revision, map revision, API revision, dataset revision, repository revision, publication update, public-safe correction notice, controlled notice, access restriction, or Board or committee reporting where material.

8.34.9(g) Public-safe output assurance shall not be represented as certification, recognition, finance-readiness, public authority approval, procurement approval, provider endorsement, sponsor approval, rating, guarantee, public warning authority, emergency-command authority, protocol effect, operational clearance, legal status, market authority, infrastructure operation, or execution readiness.

8.34.9(h) The controlling rule shall be that public-safe output assurance keeps external outputs trustworthy over time without converting them into final, official, financial, authoritative, or executable instruments.

***

8.34.10 Public Authority Boundary Assurance.\
8.34.10(a) GCRI Canada shall maintain periodic assurance of public authority boundaries in Truth Engine, compute, AI, Verifiable Intelligence, Observatory, public authority learning, dashboard, map, API, dataset, report, technical note, public-good software, Academy, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, media, event, repository, and public claim contexts.

8.34.10(b) Public authority boundary assurance shall review whether outputs, interfaces, rooms, records, dashboards, maps, APIs, public-safe summaries, public authority references, agency names, logos, quotations, attendance descriptions, regulator-listening references, emergency-management references, procurement references, funding references, public finance references, and jurisdictional references preserve capacity classification and do not imply unauthorized public authority meaning.

8.34.10(c) Assurance shall assess whether public authority-facing materials include appropriate non-delegation, non-endorsement, non-regulatory, non-procurement, non-funding, non-public-finance, no-public-warning, no-emergency-command, confidence, uncertainty, limitation, permitted-use, prohibited-use, and correction language.

8.34.10(d) Assurance shall review whether public authority data controls, official or non-official status, data-sharing terms, confidentiality, access limits, processing limits, retention limits, publication limits, agency reference controls, and correction paths are followed.

8.34.10(e) Assurance shall identify outputs that could be misread as official guidance, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public health order, public safety directive, compliance determination, enforcement position, safe harbor, permit, license, public adoption, sovereign obligation, or delegated public power.

8.34.10(f) Where public authority boundary assurance identifies defects, GCRI Canada shall require revised language, reference removal, public-safe correction, controlled notice, public authority interface notice, access restriction, reclassification, withdrawal, retraction, training update, interface agreement update, or governance escalation.

8.34.10(g) Public authority boundary assurance shall not suppress accurate evidence merely because evidence may be uncomfortable to a public authority, but it shall prevent GCRI Canada from becoming or appearing to become a public authority.

8.34.10(h) The controlling rule shall be that public authority boundary assurance protects public learning from becoming unauthorized public power.

***

8.34.11 Finance-Readiness Boundary Assurance.\
8.34.11(a) GCRI Canada shall maintain periodic assurance of finance-readiness boundaries in Truth Engine, compute, AI, Verifiable Intelligence, Observatory, GRA-facing, Rails-facing, finance-facing, capital-reader-facing, sponsor-facing, provider-facing, host-facing, National Company-facing, Project SPV-facing, public authority-facing, dashboard, map, API, dataset, report, technical note, public-good software, Academy, media, event, repository, and public claim contexts.

8.34.11(b) Finance-readiness boundary assurance shall review whether outputs, records, Proof Packs, RNFD inputs, NFD inputs, UNFSD inputs, insurance-readiness inputs, capital-reader literacy materials, host readiness evidence, node evidence, risk evidence, resilience evidence, dashboards, maps, benchmark summaries, Proof Receipt summaries, public-safe summaries, and public claims preserve GCRI Canada’s non-financial, non-advisory, non-rating, non-guaranteeing role.

8.34.11(c) Assurance shall assess whether finance-facing materials include appropriate no-advice, no-solicitation, no-rating, no-guarantee, no-public-finance-approval, no-capital-commitment, no-bankability, no-fundability, confidence, uncertainty, limitation, permitted-use, prohibited-use, and correction language.

8.34.11(d) Assurance shall identify outputs that could be misread as finance-readiness, capital-readiness, insurance-readiness, investment advice, securities recommendation, brokerage, placement, finder activity, lending decision, underwriting decision, insurance approval, rating, guarantee, public finance approval, bankability, fundability, capital commitment, credit quality, insurance quality, investment quality, or financial suitability.

8.34.11(e) Assurance shall review whether confidence scores, risk indicators, resilience indicators, readiness-context language, benchmark results, dashboards, maps, and AI-generated summaries are being used or framed as financial status or financial advice.

8.34.11(f) Where finance-readiness boundary assurance identifies defects, GCRI Canada shall require revised boundary language, reclassification, controlled-room treatment, finance-safe revision, public-safe correction, controlled notice, GRA interface notice, output restriction, withdrawal, retraction, training update, interface agreement update, or governance escalation.

8.34.11(g) Finance-readiness boundary assurance shall not suppress accurate technical evidence merely because it may be useful to capital readers, but it shall prevent GCRI Canada from producing or appearing to produce financial advice, ratings, guarantees, approvals, or capital consequences.

8.34.11(h) The controlling rule shall be that finance-readiness boundary assurance preserves evidence usefulness while preventing financial consequence by implication.

***

8.34.12 Provider Neutrality and Sponsor Non-Control Assurance.\
8.34.12(a) GCRI Canada shall maintain periodic assurance of provider neutrality and sponsor non-control across Truth Engine, compute, AI, Verifiable Intelligence, Observatory, benchmark, validation sprint, public-safe publication, dashboard, map, API, dataset, report, technical note, public-good software, technical baseline, Academy, public authority learning, GRF-facing, GRA-facing, Protocol Authority-facing, National Company-facing, Project SPV-facing, provider-facing, sponsor-facing, host-facing, community-facing, media, event, repository, and public claim contexts.

8.34.12(b) Provider neutrality assurance shall review whether provider participation, provider data, provider equipment, provider tooling, provider AI, provider compute, provider dashboards, provider sensors, provider demonstrations, validation sprints, benchmarks, technical notes, public-safe summaries, and public claims are framed and governed without endorsement, procurement preference, provider ranking, public tender advantage, preferred-provider status, certification, recognition, Nexus-compatible status, Protocol Authority effect, market superiority, or execution implication.

8.34.12(c) Sponsor non-control assurance shall review whether sponsor support, funding, convening support, facilities support, technology access, data access, event support, publication support, or participation is governed without outcome purchase, evidence control, publication control, public authority access purchase, provider access purchase, recognition control, finance-readiness control, protocol-effect control, procurement influence, or execution influence.

8.34.12(d) Assurance shall review conflicts, influence controls, funding records, sponsor acknowledgments, provider acknowledgments, benchmark conditions, validation-sprint conditions, publication rights, public-safe review independence, reviewer conflict disclosures, room access, data access, dashboard display, map display, provider naming, sponsor naming, logos, headings, captions, repository descriptions, social summaries, event materials, and public claims.

8.34.12(e) Assurance shall identify provider-preferential language, sponsor-validating language, biased benchmark framing, selective publication, hidden sponsor influence, hidden provider configuration, public authority access implication, procurement implication, finance implication, certification implication, recognition implication, protocol implication, and execution implication.

8.34.12(f) Where provider neutrality or sponsor non-control assurance identifies defects, GCRI Canada shall require disclosure correction, boundary-language revision, publication correction, benchmark correction, validation-sprint correction, dashboard relabeling, map relabeling, provider-reference removal, sponsor-reference correction, access restriction, interface suspension, contract remedy, training update, or governance escalation.

8.34.12(g) Provider neutrality and sponsor non-control assurance shall not prevent providers or sponsors from contributing data, equipment, tools, funding, or participation where properly governed, but it shall prevent such contribution from controlling evidence, public meaning, authority, status, or execution.

8.34.12(h) The controlling rule shall be that provider and sponsor participation may support public-good work only where institutional truth, publication, boundaries, and correction remain independent.

***

8.34.13 Privacy, Cybersecurity, Sovereign Data, Protected Knowledge, and Safeguards Assurance.\
8.34.13(a) GCRI Canada shall maintain periodic assurance of privacy, data rights, cybersecurity, sovereign data, public authority data, protected knowledge, community safeguards, Indigenous safeguards, source protection, confidentiality, legal sensitivity, export-control, sanctions, controlled technology, and do-no-harm controls across Truth Engine, compute, AI, Verifiable Intelligence, Observatory, datasets, models, systems, benchmarks, inferences, retrieval, embedding, agentic AI, dashboards, maps, APIs, public-safe publications, controlled rooms, data rooms, clean rooms, and interfaces.

8.34.13(b) Privacy assurance shall review purpose limitation, minimization, lawful basis where applicable, consent or non-consent treatment where applicable, personal information status, rights-bearing data status, de-identification, pseudonymization, aggregation, redaction, re-identification risk, inference risk, location privacy, small-group identifiability, metadata exposure, retention, deletion, access controls, and public-safe release.

8.34.13(c) Cybersecurity assurance shall review access controls, identity controls, secrets controls, key management, token management, credential controls, logging, monitoring, vulnerability handling, dependency controls, repository controls, API controls, dashboard controls, map controls, cyber-sensitive data handling, infrastructure-sensitive data handling, incident response, and public-safe cyber disclosure.

8.34.13(d) Sovereign data assurance shall review data residency, localization, cross-border transfer, cloud region, support access, subprocessors, public authority data zones, compute-to-data treatment, secure enclave treatment, air-gapped treatment, Indigenous data considerations, community data safeguards, jurisdictional access limits, backup location, archive location, deletion obligations, and compelled-access risk.

8.34.13(e) Protected knowledge and safeguards assurance shall review community protocols, Indigenous protocols where applicable, consent or non-consent where applicable, territorial context, cultural context, environmental knowledge context, traditional ecological knowledge, sensitive-site treatment, protected knowledge restrictions, public-safe mapping limits, source protection, withdrawal or challenge pathways, attribution, non-extraction, non-commodification, accessibility, translation, localization, retaliation risk, vulnerable community risk, and do-no-harm controls.

8.34.13(f) Assurance shall review whether personal, public authority, health-sensitive, cyber-sensitive, infrastructure-sensitive, finance-sensitive, community-protected, Indigenous, protected knowledge, confidential, privileged, controlled-technology, export-controlled, or sanctions-sensitive materials are being improperly trained on, fine-tuned on, embedded, retrieved, summarized, translated, visualized, mapped, published, exported, or reused.

8.34.13(g) Where assurance identifies privacy, cybersecurity, sovereign data, protected knowledge, or safeguards defects, GCRI Canada shall require access restriction, deletion, sealing, reclassification, public-safe correction, controlled notice, incident review, legal review, public authority review where applicable, safeguards review, community notice where appropriate, model restriction, dataset correction, retrieval correction, embedding deletion, dashboard correction, map correction, training update, technical control update, or governance escalation.

8.34.13(h) The controlling rule shall be that truth-supporting systems are not trustworthy unless they protect the rights, security, sovereignty, knowledge, dignity, and safety of the people, communities, authorities, and systems whose data they touch.

***

8.34.14 Assurance Findings, Corrective Action Plans, Training Updates, Technical Control Updates, and Board Reporting.\
8.34.14(a) GCRI Canada shall document material assurance findings arising from Truth Engine methods assurance, source comparison assurance, confidence scoring assurance, compute workload assurance, model governance assurance, dataset governance assurance, AI use assurance, agentic AI assurance, public-safe output assurance, public authority boundary assurance, finance-readiness boundary assurance, provider neutrality and sponsor non-control assurance, privacy assurance, cybersecurity assurance, sovereign data assurance, protected knowledge assurance, safeguards assurance, and related assurance activities.

8.34.14(b) Assurance findings shall identify review scope, review period, reviewers, records reviewed, systems reviewed, outputs reviewed, interfaces reviewed, defects identified, strengths identified where material, risks identified, affected dependencies, severity, corrective action required, responsible owner, deadline, interim controls, notice decisions, residual risk, closeout criteria, and archive treatment.

8.34.14(c) Corrective Action Plans shall be required where assurance identifies material defects, repeated defects, systemic weaknesses, high-consequence risks, public-safe weaknesses, public authority boundary weaknesses, finance-boundary weaknesses, provider-neutrality weaknesses, sponsor non-control weaknesses, privacy defects, cybersecurity defects, sovereign data defects, protected knowledge defects, safeguards defects, correction failures, or institutional drift.

8.34.14(d) Corrective Action Plans may require method updates, register updates, record corrections, confidence recalibration, uncertainty revision, limitation revision, source re-check, dataset correction, model restriction, model suspension, model replacement, retrieval reconfiguration, embedding deletion or re-indexing, agentic permission narrowing, sandbox strengthening, public-safe output correction, dashboard correction, map correction, API correction, publication correction, interface agreement update, vendor restriction, provider interface restriction, sponsor acknowledgment correction, public authority reference correction, controlled notice, public-safe notice, withdrawal, retraction, or independent review.

8.34.14(e) Training updates shall be required where assurance findings indicate knowledge gaps among directors, officers, staff, fellows, advisors, reviewers, repository maintainers, public-safe publication teams, technical teams, public authority interface teams, GRF interface teams, GRA interface teams, Protocol Authority interface teams, provider-facing teams, sponsor-facing teams, host-facing teams, community-facing teams, Academy teams, or other participants.

8.34.14(f) Technical control updates may include access-control changes, logging updates, monitoring updates, retrieval filters, embedding controls, model restrictions, public AI tool blocks, vendor AI configuration changes, data-loss prevention controls, secure enclave requirements, compute-to-data requirements, dashboard controls, map controls, API controls, repository controls, credential controls, key rotation, prompt-injection defenses, approval gates, kill-switch testing, and incident-response improvements.

8.34.14(g) Board or committee reporting shall be required for material assurance findings involving high or systemic risk, public-safe failure, public authority boundary risk, finance-boundary risk, provider neutrality or sponsor non-control risk, privacy incident, cybersecurity incident, sovereign data issue, protected knowledge issue, major correction, major withdrawal, major retraction, repeated AI incidents, material model suspension, significant public overclaim, or significant institutional drift.

8.34.14(h) Assurance findings, Corrective Action Plans, training updates, technical control updates, and Board reporting shall be linked, where applicable, to the Truth Engine Methods Register, Source Comparison Register, Confidence Rules Register, Compute Workload Register, Compute Environment Register, Model Register, Dataset Register, System Card Register, Benchmark Card Register, Inference Register, Agentic AI Register, AI Incident Register, Proof Receipt Register, Public-Safe AI Output Register, Correction and Archive Register, Dependency Register, public authority records, GRF interface records, GRA interface records, Protocol Authority interface records, provider records, sponsor records, host records, community records, Nexus interface records, and public claims records.

8.34.14(i) Assurance reporting shall not be used to conceal defects, launder overclaims, protect sponsors, protect providers, avoid public authority discomfort, preserve finance-facing usefulness, suppress legitimate challenge, or convert assurance into certification, recognition, finance-readiness, public authority approval, procurement approval, provider endorsement, sponsor approval, rating, guarantee, protocol effect, operational clearance, legal status, infrastructure operation, or execution readiness.

8.34.14(j) The controlling rule shall be that assurance is complete only when findings become correction, correction becomes training and technical improvement, and material governance risk is visible to the responsible institutional level.

### 8.35 Part VIII Closing Integration Clause

8.35.1 Part VIII shall govern the Nexus Truth Engine methods, verifiable compute, verifiable intelligence, model governance, and AI-use reading of all later Parts.\
8.35.1(a) This Part VIII shall govern the interpretation, application, operation, recordkeeping, assurance, interface, publication, correction, and boundary treatment of all later Parts of this Charter to the extent that such later Parts involve or rely upon the Nexus Truth Engine, Verifiable Compute, Verifiable Intelligence, model governance, AI use, AI-assisted analysis, AI-supported drafting, retrieval, embedding, inference, agentic AI, digital twins, simulations, compute workloads, compute environments, Proof Receipts, dashboards, maps, APIs, datasets, benchmarks, public-good software, open technical baselines, public-safe outputs, public authority learning materials, GRF inputs, GRA inputs, Protocol Authority inputs, provider-facing materials, sponsor-facing materials, host-facing materials, community-facing materials, Academy materials, media materials, or public claims.

8.35.1(b) All later Parts shall be read subject to the requirements of this Part VIII concerning source lineage, data lineage, method versioning, model registration, Dataset Cards, System Cards, Benchmark Cards, Compute Workload Records, Compute Environment Records, Inference Records, Human Review Records, Retrieval and Embedding Records, Agentic AI Records, AI Incident Records, Proof Receipt Records, Public-Safe Output Records, correction records, dependency records, assurance records, access controls, classification, handling class, public-safe status, confidence, uncertainty, limitations, permitted use, prohibited use, boundary language, and correction path.

8.35.1(c) No later governance, operating, interface, publication, training, public authority learning, finance-facing, GRF-facing, GRA-facing, Protocol Authority-facing, provider-facing, sponsor-facing, host-facing, community-facing, National Company-facing, Project SPV-facing, Academy-facing, public-safe, or Nexus-facing provision shall be interpreted as reducing the record, review, boundary, privacy, cybersecurity, sovereign data, protected knowledge, public-safe, human-accountability, or correction requirements established by this Part VIII.

8.35.1(d) Where later Parts establish functions, committees, programs, interfaces, outputs, registers, publications, evidence products, learning products, public-good software products, technical baselines, dashboards, maps, APIs, datasets, or public claims, such later Parts shall be interpreted as requiring compliance with this Part VIII whenever model-enabled systems, AI outputs, compute records, Truth Engine methods, Verifiable Intelligence, Proof Receipts, or public-safe technical outputs materially affect institutional meaning.

8.35.1(e) This Part VIII shall be read together with GCRI Canada’s non-executing character, public-benefit purpose, legal separateness, anti-capture duties, public-good stack discipline, role separation from GRF, GRA, Protocol Authority, public authorities, National Companies, Project SPVs, providers, sponsors, hosts, and execution actors, and its duties of validity-by-record, correctionability, public-safe publication, privacy, cybersecurity, sovereign data protection, protected knowledge safeguards, provider neutrality, and sponsor non-control.

8.35.1(f) The existence of later operational detail shall not imply that GCRI Canada has moved from evidence, methods, observability, ontology, public-good software, public authority learning, public-safe publication, Verifiable Compute, Verifiable Intelligence, and correction into execution, public authority action, finance action, procurement action, certification, recognition, protocol authority, infrastructure operation, or market operation.

8.35.1(g) The controlling rule shall be that all later Parts shall treat Truth Engine, compute, model, AI, and verifiable-record practices as governed evidence infrastructure, not as autonomous authority.

***

8.35.2 No later Part shall be interpreted to convert Truth Engine outputs, verifiable compute records, verifiable intelligence outputs, model outputs, AI outputs, digital twin outputs, proof receipts, confidence scores, corroboration results, source comparisons, dashboards, maps, reports, APIs, or datasets into official truth, public authority meaning, public warnings, emergency command, recognition, maturity, claims approval, finance-readiness, investment advice, insurance approval, rating, guarantee, certification, procurement approval, provider preference, protocol effect, or execution consequence by implication.\
8.35.2(a) No later Part shall be interpreted to convert, elevate, deem, imply, or allow the conversion of Truth Engine outputs, Verifiable Compute records, Verifiable Intelligence outputs, AI outputs, model outputs, inference outputs, retrieval outputs, embedding outputs, agentic AI outputs, simulation outputs, digital twin outputs, Proof Receipts, confidence scores, uncertainty statements, corroboration results, contradiction results, dispute outcomes, source comparisons, observability records, dashboards, maps, reports, APIs, datasets, benchmark results, Evidence Packs, Decision Packs, technical notes, public-good software outputs, open technical baseline records, public-safe summaries, controlled annexes, or correction notices into authority by implication.

8.35.2(b) No such output or record shall constitute official truth, public-law truth, final truth, public authority meaning, official guidance, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public health order, public safety directive, compliance determination, enforcement position, safe harbor, permit, license, public adoption, sovereign obligation, or delegated public power by default.

8.35.2(c) No such output or record shall constitute GRF recognition, GRF standing, maturity record, claims approval, stakeholder formation, registry status, public-facing legitimacy, public-safe reporting status, or public claim approval by GCRI Canada.

8.35.2(d) No such output or record shall constitute GRA finance-readiness, capital-readiness, insurance-readiness, Proof Pack status, investment advice, securities recommendation, brokerage, placement, finder activity, lending decision, underwriting decision, insurance approval, rating, guarantee, public finance approval, bankability, fundability, capital commitment, credit quality, insurance quality, investment quality, or financial suitability by GCRI Canada.

8.35.2(e) No such output or record shall constitute Protocol Authority effect, certification, conformance determination, standards approval, Nexus-compatible status, role key, smart license, entitlement state, proof-receipt legal effect, external force, technical validity status, operational clearance, or execution authority by GCRI Canada.

8.35.2(f) No such output or record shall constitute procurement approval, vendor award, provider preference, preferred supplier status, provider ranking, provider endorsement, sponsor approval, sponsor validation, host approval, project approval, operational instruction, infrastructure command, deployment instruction, market authority, legal status, professional advice, contractual obligation, National Company execution, Project SPV execution, or other execution consequence by implication.

8.35.2(g) Later Parts shall not permit any person to market, label, cite, summarize, translate, display, excerpt, embed, retrieve, dashboard, map, badge, score, rank, or otherwise present outputs or records under this Part VIII in a manner that creates unauthorized authority, status, readiness, approval, endorsement, warning, command, finance consequence, procurement consequence, protocol consequence, or execution consequence.

8.35.2(h) Where a competent separate actor, including a public authority, GRF, GRA, Protocol Authority, National Company, Project SPV, provider, host, sponsor, or finance actor, lawfully uses GCRI Canada outputs within its own authority, process, records, and accountability, such use shall remain the separate actor’s own use and shall not be attributed to GCRI Canada as authority, approval, endorsement, readiness, command, or execution.

8.35.2(i) The controlling rule shall be that later Parts may increase the usefulness of evidence, compute, AI, and verifiable records, but shall not increase their authority beyond the record.

***

8.35.3 No later Part shall be interpreted to permit AI use without model governance, inference records, human review where material, privacy controls, cybersecurity controls, public-safe review, source-lineage controls, and correction path.\
8.35.3(a) No later Part shall be interpreted to permit material AI use, model use, retrieval use, embedding use, agentic AI use, AI-assisted drafting, AI-supported evidence analysis, AI-supported dashboarding, AI-supported mapping, AI-supported publication, AI-supported public authority learning, AI-supported GRF input, AI-supported GRA input, AI-supported Protocol Authority input, AI-supported provider-facing material, AI-supported sponsor-facing material, AI-supported host-facing material, AI-supported community-facing material, or AI-supported public claim unless the use is governed by records and controls proportionate to risk.

8.35.3(b) Required governance shall include, where material, Model Register entry, Model Card, System Card, Dataset Card, Benchmark Card, Evaluation Harness Record, Compute Workload Record, Compute Environment Record, Retrieval and Embedding Record, Inference Record, Human Review Record, output-class record, public-safe review record, AI Incident path, correction path, dependency link, and lifecycle record.

8.35.3(c) Material AI outputs shall not be used without source-lineage controls sufficient to identify source records, source authority, source version, source status, source classification, public-safe status, confidence, uncertainty, limitations, correction status, supersession status, withdrawal status, retraction status where applicable, and permitted-use limits.

8.35.3(d) Material AI outputs shall not be used without human review where the output affects evidence meaning, public-safe release, public authority interpretation, finance-facing interpretation, GRF input, GRA input, Protocol Authority input, provider-facing use, sponsor-facing use, community-facing use, protected knowledge treatment, dashboard meaning, map meaning, public claims, correction, or downstream dependency.

8.35.3(e) Material AI use shall be subject to privacy controls, data rights controls, cybersecurity controls, sovereign data controls, public authority data controls, community safeguards, Indigenous safeguards, protected knowledge safeguards, source protection, confidentiality controls, legal sensitivity controls, export-control controls, sanctions controls, controlled-technology controls, and public-safe publication controls where applicable.

8.35.3(f) No later Part shall permit sensitive Nexus, GCRI Canada, public authority, personal, health-sensitive, cyber-sensitive, infrastructure-sensitive, sovereign, finance-sensitive, community-protected, Indigenous, protected knowledge, confidential, privileged, controlled-technology, export-controlled, sanctions-sensitive, or restricted materials to be used for training, fine-tuning, embedding, retrieval, vendor model improvement, public AI tool processing, or agentic workflows without express recorded authority and appropriate safeguards.

8.35.3(g) No later Part shall permit agentic AI to act externally, publish, communicate, move data, execute code, change repositories, alter dashboards, alter maps, contact public authorities, make financial references, change security settings, delete records, bind GCRI Canada, or perform prohibited functions without the approval gates, tool permissions, logs, monitoring, kill switches, incident paths, and correction controls required by this Part VIII.

8.35.3(h) No later Part shall permit AI output to become institutionally material merely by being copied, pasted, summarized, translated, embedded, displayed, cited, linked, dashboarded, mapped, or incorporated into another artifact without required classification, review, context, record, and correction path.

8.35.3(i) Where later Parts involve AI use but are silent on governance detail, the minimum reading shall be that this Part VIII supplies the required governance detail, and any AI use not capable of satisfying such governance shall be held, restricted, refused, corrected, or removed from material use.

8.35.3(j) The controlling rule shall be that AI use in GCRI Canada is legitimate only when it is governed, source-lined, reviewed, privacy-protective, cybersecurity-controlled, public-safe, bounded, recorded, and correctionable.

***

8.35.4 Where ambiguity exists, the interpretation that better preserves evidence integrity, human accountability, source lineage, confidence and uncertainty discipline, verifiable compute discipline, AI safety, privacy, cybersecurity, sovereign data, protected knowledge, public-safe publication, public authority boundaries, finance-readiness boundaries, provider neutrality, sponsor non-control, Nexus role separation, validity-by-record, correctionability, and public trust shall prevail.\
8.35.4(a) Where ambiguity, conflict, silence, overlap, operational pressure, public-facing pressure, sponsor pressure, provider pressure, public authority pressure, finance-facing pressure, media pressure, technical convenience, urgent timing, or institutional uncertainty exists in the interpretation of any later Part involving Truth Engine, compute, Verifiable Intelligence, AI, models, datasets, systems, benchmarks, Proof Receipts, dashboards, maps, APIs, public-safe outputs, interface records, or correction records, the interpretation that better preserves the safeguards in this Section 8.35.4 shall prevail.

8.35.4(b) The preferred interpretation shall preserve evidence integrity, including source lineage, data lineage, method integrity, model governance, dataset governance, compute integrity, observability integrity, confidence discipline, uncertainty discipline, limitation discipline, reviewability, challengeability, dependency visibility, and correctionability.

8.35.4(c) The preferred interpretation shall preserve human accountability, including qualified human review, reviewer independence, conflict disclosure, accountable approval, accountable publication, accountable correction, accountable escalation, reviewer notes, dissent preservation, and the rule that AI shall not hide, absorb, or replace human responsibility.

8.35.4(d) The preferred interpretation shall preserve privacy, data rights, cybersecurity, sovereign data, public authority data controls, community safeguards, Indigenous safeguards, protected knowledge, source protection, confidentiality, legal sensitivity, export-control compliance, sanctions controls, controlled-technology controls, and do-no-harm duties.

8.35.4(e) The preferred interpretation shall preserve public-safe publication, including redaction, aggregation, generalization, safe-location treatment, responsible non-disclosure, controlled annex treatment, public-safe summaries, confidence statements, uncertainty statements, limitation statements, boundary language, public-safe correction, withdrawal, retraction, and output monitoring.

8.35.4(f) The preferred interpretation shall preserve public authority boundaries, including no public warning, no emergency command, no public authority decision, no regulatory approval, no procurement approval, no funding approval, no public finance approval, no official guidance, no safe harbor, no enforcement position, no public-law status, and no delegated public power by GCRI Canada.

8.35.4(g) The preferred interpretation shall preserve finance-readiness boundaries, including no investment advice, no securities recommendation, no brokerage, no placement, no finder activity, no lending decision, no underwriting decision, no insurance approval, no rating, no guarantee, no public finance approval, no capital commitment, no bankability, no fundability, no finance-readiness, and no financial suitability by GCRI Canada.

8.35.4(h) The preferred interpretation shall preserve recognition, certification, protocol, procurement, provider, sponsor, host, and execution boundaries, including no GRF recognition by GCRI Canada, no GRA finance-readiness by GCRI Canada, no Protocol Authority effect by GCRI Canada, no certification, no conformance determination, no procurement approval, no provider preference, no sponsor control, no host approval, no National Company execution, no Project SPV execution, no infrastructure operation, and no market authority by implication.

8.35.4(i) The preferred interpretation shall preserve Nexus role separation, including legal separateness among GCRI Canada, GCRI US, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Nexus entities, public authorities, National Companies, Project SPVs, providers, sponsors, hosts, universities, communities, and other actors, and shall not resolve ambiguity in favour of role merger, role substitution, shared liability, or execution drift.

8.35.4(j) The preferred interpretation shall preserve validity-by-record and correctionability, including the rule that institutional meaning arises from proper record, proper source, proper method, proper review, proper audience, proper boundary, proper authority, and proper correction path, and that any record, output, model, dataset, method, compute workload, dashboard, map, API, Proof Receipt, public-safe publication, or public claim may be corrected, restricted, superseded, withdrawn, retracted, retired, or archived when required.

8.35.4(k) No ambiguity shall be resolved in favour of convenience, speed, market usefulness, sponsor comfort, provider comfort, public authority comfort, finance-facing usefulness, reputational benefit, public narrative, technical novelty, model fluency, dashboard visibility, map visibility, benchmark attractiveness, Proof Receipt appearance, or apparent institutional advantage where such interpretation weakens the safeguards of this Part VIII.

8.35.4(l) The controlling rule shall be that Part VIII is an anti-overclaim, anti-automation-drift, anti-authority-by-implication, and correctionability discipline for all later Parts; where meaning is uncertain, the safer, more source-lined, more human-accountable, more public-safe, more boundary-preserving, and more correctable interpretation shall prevail.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.therisk.global/organization/organization/governance/charters/gcri-ca/viii.-truth.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.