# XVII. GOVERNANCE

### 17.1 Board Stewardship Purpose

17.1.1 Board Stewardship as the Primary Governance Safeguard of GCRI Canada.\
17.1.1(a) Board stewardship shall be the primary governance safeguard through which GCRI Canada preserves its legal identity, public-benefit purpose, mission lock, non-executing character, public-good stewardship function, records discipline, and role separation within the wider Nexus architecture.\
17.1.1(b) The Board shall not be treated merely as an administrative body, ceremonial body, donor-facing body, advisory body, sponsor-facing body, or approval surface for management preferences. The Board shall be the constitutional steward of the corporation’s purpose, boundaries, duties, and institutional integrity.\
17.1.1(c) Board stewardship shall include oversight of the corporation’s evidence, methods, observability, ontology, public-good software, Open Technical Baselines, research integrity, public-safe publication, data governance, cybersecurity, participant governance, Public Authority interfaces, sponsorships, provider relationships, and Nexus interfaces.\
17.1.1(d) The Board shall exercise stewardship through lawful decision-making, reserved matters, delegation discipline, records-valid approvals, review of material risks, correction oversight, and periodic assurance.\
17.1.1(e) The controlling rule shall be that GCRI Canada’s constitutional character is protected first by Board stewardship and only secondarily by operational practice.

17.1.2 Board Stewardship as Mission Lock, Legal Compliance, Public-Benefit Purpose, Non-Execution, Public-Good Stack Alignment, and Institutional Separateness.\
17.1.2(a) The Board shall preserve mission lock by ensuring that GCRI Canada remains a Canadian nonprofit, non-share, non-distributing, non-charitable unless lawfully changed, public-benefit, non-executing, non-market institution stewarding evidence, methods, observability, ontology, public-good R\&D, public-good software, Open Technical Baselines, Nexus Truth Engine Methods, Nexus Observatory Methods, and public-safe publication.\
17.1.2(b) The Board shall ensure legal compliance with applicable Canadian federal, provincial, territorial, privacy, data, cybersecurity, corporate, tax, employment, sanctions, export-control, accessibility, anti-corruption, competition, and other applicable legal requirements.\
17.1.2(c) The Board shall preserve Public-Good Stack alignment by ensuring that GCRI Canada does not drift into Enterprise Stack execution, market operation, finance intermediation, procurement, certification, Public Authority substitution, emergency command, public warning, or regulated execution.\
17.1.2(d) The Board shall preserve institutional separateness from GCRI US, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Nexus Network, Nexus Universe, Nexus Observatory, Nexus Rails, Nexus Grid, Nexus Academy, Regional Nexus Consortiums, National Nexus Consortiums, National Consortium Companies, Project SPVs, Qualified Providers, sponsors, hosts, capital actors, and Public Authorities.\
17.1.2(e) The controlling rule shall be that Board stewardship must protect the corporation from becoming what its Charter and Bylaw exist to prevent.

17.1.3 Board Stewardship as Protection of Evidence, Methods, Observability, Ontology, Technical Truth, Public-Good R\&D, Public-Good Software, Open Technical Baselines, Nexus Truth Engine Methods, Nexus Observatory Methods, and Public-Safe Publication.\
17.1.3(a) The Board shall protect GCRI Canada’s evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, Open Technical Baselines, Nexus Truth Engine Methods, Nexus Observatory Methods, and public-safe publication as mission assets of constitutional importance.\
17.1.3(b) Such assets shall not be treated as ordinary program outputs, marketing materials, sponsor deliverables, vendor tools, proprietary leverage, public authority instruments, finance products, or execution assets.\
17.1.3(c) Board stewardship shall require oversight of the records, custody, classification, versioning, source lineage, method integrity, public-safe status, data governance, cybersecurity, repository discipline, release discipline, correction paths, and downstream dependency implications of such assets.\
17.1.3(d) The Board shall ensure that technical truth is supported by records, methods, evidence, review, limitations, confidence treatment, uncertainty treatment, reproducibility where appropriate, and correctionability.\
17.1.3(e) The controlling rule shall be that mission assets must remain public-good, records-valid, technically credible, safeguard-compliant, and correctionable.

17.1.4 Board Stewardship as Protection Against Capture, Enclosure, Sponsor Control, Provider Preference, Public Authority Confusion, Finance Overclaim, Public Warning Confusion, Certification Drift, Protocol-Authority Drift, and Execution Drift.\
17.1.4(a) The Board shall protect GCRI Canada against capture, enclosure, sponsor control, provider preference, Public Authority confusion, finance overclaim, public warning confusion, certification drift, Protocol Authority drift, execution drift, and any other form of institutional role inflation.\
17.1.4(b) Capture includes donor capture, sponsor capture, provider capture, host capture, founder capture, platform capture, academic capture, public authority capture, capital-reader capture, media capture, technical dependency capture, data capture, and narrative capture.\
17.1.4(c) Enclosure includes the conversion of public-good software, methods, ontologies, evidence systems, observability methods, technical baselines, datasets, schemas, repositories, or controlled vocabulary into proprietary gatekeeping, preferred-provider advantage, private control, restricted commercial leverage, or access-for-money infrastructure.\
17.1.4(d) The Board shall require controls to prevent sponsor or provider influence over evidence, methods, publications, technical baselines, Public Authority access, correction decisions, public-safe claims, or institutional truth.\
17.1.4(e) The Board shall ensure that GCRI Canada materials are not used to imply recognition, maturity status, finance-readiness, insurance-readiness, certification, procurement approval, Public Authority approval, public warning, emergency command, protocol effect, provider preference, sponsor validation, Nexus-compatible status, or execution authority unless proper authority and records exist outside GCRI Canada’s own upstream role.\
17.1.4(f) The controlling rule shall be that the Board must prevent mission assets from becoming legitimacy instruments for private, public authority, financial, or execution overclaim.

17.1.5 Board Stewardship as Protection of Privacy, Data Rights, Sovereign Data, Cybersecurity, Community Safeguards, Indigenous and Protected Knowledge, Research Integrity, and Public Trust.\
17.1.5(a) The Board shall protect privacy, data rights, sovereign data, cybersecurity, community safeguards, Indigenous knowledge, Local knowledge, Territorial knowledge, Cultural knowledge, Environmental knowledge, Protected Knowledge, research integrity, and public trust as constitutional governance obligations.\
17.1.5(b) The Board shall ensure that data governance is not treated as administrative compliance, that cybersecurity is not treated as technical housekeeping, that community safeguards are not treated as symbolic consultation, and that protected knowledge is not treated as ordinary data or open publication material.\
17.1.5(c) Board stewardship shall include oversight of privacy impact review, rights-bearing data controls, public authority data controls, sovereign data zones, compute-to-data discipline, cross-border transfer review, AI-use controls, repository security, incident response, public-safe mapping, grievance, remedy, and correction.\
17.1.5(d) The Board shall ensure that research integrity includes lawful basis, ethical review where applicable, method integrity, source integrity, conflict management, peer or expert review where appropriate, reproducibility where lawful and appropriate, limitations discipline, and correctionability.\
17.1.5(e) The controlling rule shall be that public trust depends on the Board’s ability to protect people, communities, data, knowledge, systems, and records from misuse and overclaim.

17.1.6 Board Stewardship as Records-Valid, Correctionable, Auditable, and Periodically Reviewed.\
17.1.6(a) Board stewardship shall be records-valid, correctionable, auditable, and periodically reviewed.\
17.1.6(b) Material Board action shall require proper notice where applicable, agenda discipline, quorum where required, authority mapping, decision record, resolution, minutes, delegation record, Case ID where applicable, conflict record, public-safe classification where applicable, and repository deposit where required.\
17.1.6(c) Board records shall identify the matter decided, authority source, evidence considered, conflicts disclosed, recusals, alternatives considered where material, decision taken, limitations, implementation owner, review date, correction path, and any required Gazette or controlled notice.\
17.1.6(d) Board action shall be subject to correction, clarification, supersession, withdrawal, reclassification, or other correction state where the record is inaccurate, incomplete, unauthorized, unsupported, unsafe, outdated, misleading, or inconsistent with mission lock.\
17.1.6(e) Periodic review shall assess whether Board stewardship remains effective against legal risk, mission drift, capture risk, execution drift, public claims risk, data risk, cybersecurity risk, safeguards risk, and Nexus role confusion.\
17.1.6(f) The controlling rule shall be that Board authority is legitimate only when exercised through proper records and remains open to correction.

17.1.7 Board Stewardship as Distinct From Day-to-Day Management Except Where Board Action Is Required by Law, Bylaw, Policy, Delegation, or Reserved Matter.\
17.1.7(a) Board stewardship shall remain distinct from day-to-day management except where Board action is required by applicable law, articles, Bylaw, Charter, policy, delegation, reserved matter, risk threshold, emergency rule, or correction requirement.\
17.1.7(b) The Board shall not operate as ordinary management, project staff, program delivery team, technical release team, publication desk, sponsor-relations desk, provider-selection desk, or Public Authority engagement team except where a lawful Board function requires direct action.\
17.1.7(c) Officers and management may operate within delegated authority, but delegation shall not eliminate Board oversight, fiduciary responsibility, reserved-matter control, legal compliance duty, mission-lock responsibility, or correction duty.\
17.1.7(d) Matters requiring Board action shall include constitutional changes, mission-lock risks, material legal risk, material funding restrictions, material sponsor or provider influence risk, material Public Authority boundary risk, material finance-boundary risk, material data or cybersecurity risk, material protected knowledge risk, material public claims risk, material inter-institutional arrangements, and other reserved matters.\
17.1.7(e) The controlling rule shall be that the Board governs and stewards; management operates within lawful and recorded delegation.

17.1.8 Board Stewardship as Distinct From Advisory Councils, Leadership Councils, Helix Councils, Committees Without Board Authority, Fellows, Advisors, Sponsors, Providers, Public Authorities, National Companies, Project SPVs, and Nexus Entities.\
17.1.8(a) Board stewardship shall remain distinct from Advisory Councils, Leadership Councils, Helix Councils, committees without Board authority, fellows, advisors, sponsors, donors, funders, providers, hosts, Public Authorities, universities, communities, capital readers, National Consortium Companies, Project SPVs, Nexus entities, and other participants.\
17.1.8(b) Advisory participation, council participation, committee participation, fellowship, sponsorship, provider involvement, Public Authority participation, National Company interface, Project SPV interface, or Nexus interface shall not create Board authority, corporate authority, fiduciary authority, governance control, or power to bind GCRI Canada unless expressly and lawfully conferred by proper instrument.\
17.1.8(c) The Board may receive advice, challenge, evidence, recommendations, public-interest input, technical input, community input, Public Authority context, finance-literacy input, or Nexus-interface input without surrendering Board authority or fiduciary responsibility.\
17.1.8(d) The Board shall ensure that all such interfaces are role-classified, conflict-reviewed, records-valid, non-controlling, non-overclaiming, and correctionable.\
17.1.8(e) The controlling rule shall be that advice, support, participation, proximity, or technical contribution shall not become governance authority by implication.

17.1.9 Board Stewardship as Aligned With Canadian Fiduciary Duties and Applicable Law.\
17.1.9(a) Board stewardship shall be exercised consistently with Canadian fiduciary duties, applicable corporate law, nonprofit law, privacy law, data protection law, employment law, tax law, sanctions and export-control law, competition law, anti-corruption law, contract law, and other applicable legal requirements.\
17.1.9(b) Directors shall act honestly, in good faith, with care, diligence, prudence, loyalty, independence, and lawful judgment in the best interests of GCRI Canada.\
17.1.9(c) The best interests of GCRI Canada shall be interpreted through its nonprofit, non-distributing, public-benefit, non-executing, evidence-and-methods, public-good stewardship character, and not through commercial growth, sponsor preference, provider preference, founder preference, public visibility, or institutional prestige alone.\
17.1.9(d) Directors shall take account of the corporation’s public-benefit purpose, legal obligations, mission lock, safeguards obligations, public trust, institutional continuity, and role separation when exercising judgment.\
17.1.9(e) The controlling rule shall be that Canadian fiduciary duty and Nexus public-good discipline must reinforce each other rather than compete.

17.1.10 Board Stewardship Records as Constitutional Governance Records.\
17.1.10(a) Board stewardship records shall be constitutional governance records of GCRI Canada.\
17.1.10(b) Such records may include Board minutes, written resolutions, reserved-matter approvals, delegation records, policy approvals, risk reports, assurance reports, audit records, conflict records, recusal records, correction records, mission-lock reviews, non-execution reviews, Public Authority boundary reviews, finance-boundary reviews, cybersecurity reports, data governance reports, protected knowledge reports, and inter-institutional interface approvals.\
17.1.10(c) Board stewardship records shall be classified, retained, secured, versioned, indexed, and archived according to their legal, governance, public-safe, confidentiality, data, cybersecurity, and protected knowledge status.\
17.1.10(d) Board stewardship records shall not be replaced by email, chat, verbal assurance, slide decks, informal meeting notes, draft documents, sponsor correspondence, provider materials, media statements, or unapproved summaries.\
17.1.10(e) The controlling rule shall be that constitutional governance must be evidenced by constitutional records.

### 17.2 Board Authority and Bylaw Alignment

17.2.1 Board Authority Shall Be Exercised Subject to Applicable Law, Articles, Bylaw, Charter, Policies, and Proper Records.\
17.2.1(a) Board authority shall be exercised subject to applicable law, the articles, the Bylaw, the Charter, duly adopted policies, lawful delegations, reserved-matter rules, proper procedure, and proper records.\
17.2.1(b) The Board shall not exercise authority by informal consensus, undocumented practice, private assurance, unrecorded instruction, sponsor expectation, provider expectation, public authority pressure, founder preference, management convenience, or Nexus-system assumption.\
17.2.1(c) Where Board authority is required, the action shall be taken by proper resolution, recorded consent, delegated instrument, or other lawful procedure sufficient to create a records-valid act.\
17.2.1(d) No Board action shall exceed the corporation’s legal capacity, public-benefit purpose, non-execution boundary, or role within the Nexus public-good stack.\
17.2.1(e) The controlling rule shall be that Board authority exists only within law, governing instruments, and proper records.

17.2.2 Bylaw Controls Corporate Mechanics Where Required.\
17.2.2(a) The Bylaw shall control corporate mechanics where required by applicable law, articles, corporate procedure, membership rules where applicable, Board composition, director duties, officer authority, meetings, quorum, voting, notices, resolutions, delegation, records, indemnification, amendment, and dissolution.\
17.2.2(b) The Charter, policies, procedures, schedules, annexes, protocols, doctrine instruments, council charters, and Nexus interface instruments may guide, supplement, operationalize, or interpret corporate stewardship only to the extent consistent with the Bylaw and applicable law.\
17.2.2(c) No lower-order instrument shall amend, override, dilute, suspend, or bypass the Bylaw unless the Bylaw and applicable law expressly permit such effect.\
17.2.2(d) Where a corporate mechanics question arises, the Board shall identify the controlling legal and bylaw source before acting.\
17.2.2(e) The controlling rule shall be that constitutional ambition shall not displace lawful corporate procedure.

17.2.3 Charter Guides Board Stewardship, Mission Interpretation, Role Separation, Non-Execution, and Public-Good Alignment Where Consistent With Law and Bylaw.\
17.2.3(a) The Charter shall guide Board stewardship, mission interpretation, role separation, non-execution, public-good alignment, Nexus interface discipline, public-safe publication, correctionability, validity-by-record, and public-benefit interpretation where consistent with applicable law and the Bylaw.\
17.2.3(b) The Charter shall be used to interpret the purpose, boundaries, public-good role, institutional identity, and non-execution posture of GCRI Canada, but shall not be used to bypass mandatory corporate procedures.\
17.2.3(c) Where the Charter provides a stricter public-good, role-separation, safeguard, correction, or boundary rule than an operational policy, the Charter-guided rule shall inform Board interpretation unless inconsistent with law or the Bylaw.\
17.2.3(d) Where Charter and Bylaw language appear to conflict, the matter shall be escalated for legal, governance, and records review, and the reading that preserves legality, mission lock, non-execution, public-good stewardship, and narrower implied authority shall govern pending clarification.\
17.2.3(e) The controlling rule shall be that the Charter guides constitutional meaning but does not replace corporate law.

17.2.4 No Charter Provision Shall Be Used to Bypass Required Board Procedure Under the Bylaw.\
17.2.4(a) No Charter provision, doctrine statement, Nexus framework, public-good principle, council recommendation, sponsor request, Public Authority request, provider request, GRA request, GRF request, Protocol Authority request, or management instruction shall be used to bypass required Board procedure under the Bylaw.\
17.2.4(b) Required Board procedure includes notice, quorum, conflict disclosure, recusal, proper voting, written resolution procedure where applicable, reserved-matter review, delegation review, legal review where required, record creation, and repository deposit where required.\
17.2.4(c) A substantively correct decision shall not become procedurally valid merely because it is mission-compatible.\
17.2.4(d) Where urgent action is necessary, emergency procedures may be used only within their lawful scope and shall be promptly recorded, reviewed, ratified where required, corrected where necessary, and normalized.\
17.2.4(e) The controlling rule shall be that mission lock must be preserved through procedure, not at the expense of procedure.

17.2.5 No Informal Charter Interpretation Shall Create Board Action Without Proper Record.\
17.2.5(a) No informal Charter interpretation shall create Board action, Board approval, Board delegation, Board policy, Board consent, Board waiver, Board amendment, Board notice, Board exception, or Board instruction without proper record.\
17.2.5(b) Informal Charter interpretations may arise in emails, chats, calls, slide decks, meeting notes, working drafts, public statements, sponsor communications, provider communications, public authority discussions, media discussions, council sessions, or Nexus coordination sessions, but such interpretations shall not bind the Board unless adopted through proper authority.\
17.2.5(c) Any person relying on informal interpretation for material action shall be required to obtain proper authority before proceeding.\
17.2.5(d) Misuse of informal interpretation to claim Board approval shall require correction, withdrawal, clarification, access restriction, discipline, or other remedy where appropriate.\
17.2.5(e) The controlling rule shall be that interpretation becomes Board action only through records-valid governance.

17.2.6 Board Action Shall Preserve GCRI Canada’s Separate Legal Identity.\
17.2.6(a) Board action shall preserve GCRI Canada’s separate legal identity as a Canadian nonprofit, non-share, non-distributing, public-benefit corporation legally distinct from all other entities and participants.\
17.2.6(b) The Board shall not approve any arrangement that creates merger, agency, partnership, joint venture, alter ego, parent-subsidiary status, shared treasury, shared liability, joint employer status, hidden control, or authority transfer unless expressly lawful, intended, recorded, and consistent with mission lock.\
17.2.6(c) Inter-institutional cooperation, shared terminology, shared architecture, shared records, shared technical assets, shared events, shared public authority interfaces, or shared Nexus references shall not erase legal separateness.\
17.2.6(d) The Board shall require legal-separateness language in material arrangements with GCRI US, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Protocol Authority, Nexus entities, National Consortium Companies, Project SPVs, sponsors, providers, hosts, Public Authorities, and universities where role confusion risk exists.\
17.2.6(e) The controlling rule shall be that interoperability shall not become legal fusion.

17.2.7 Board Action Shall Preserve Canadian Public-Benefit Character.\
17.2.7(a) Board action shall preserve GCRI Canada’s Canadian public-benefit character, including its legal seat, nonprofit status, non-share character, non-distribution rule, non-charitable posture unless lawfully changed, public-good purpose, and jurisdictional accountability.\
17.2.7(b) International alignment, Nexus coordination, global stewardship, cross-border programs, technical interoperability, Public Authority learning, or participation in global initiatives shall not displace Canadian legal identity or corporate governance.\
17.2.7(c) The Board shall ensure that funding, partnerships, publications, repository structures, data environments, controlled rooms, staffing, public authority interfaces, and technical systems remain compatible with Canadian legal and public-benefit obligations.\
17.2.7(d) Where foreign law, foreign institutional expectation, sponsor expectation, provider expectation, Nexus-system expectation, or Public Authority expectation conflicts with Canadian public-benefit character, the matter shall be escalated for legal and governance review before effect.\
17.2.7(e) The controlling rule shall be that GCRI Canada may operate globally without ceasing to be Canadian in legal and public-benefit character.

17.2.8 Board Action Shall Preserve the Distinction Between GCRI Canada, GCRI US, GRF, GRA, Protocol Authority, Nexus Entities, National Companies, Project SPVs, Providers, Sponsors, Hosts, Public Authorities, and Capital Actors.\
17.2.8(a) Board action shall preserve the distinction between GCRI Canada, GCRI US, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Nexus Network, Nexus Universe, Nexus Observatory, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, Regional Nexus Consortiums, National Nexus Consortiums, National Consortium Companies, Project SPVs, Qualified Providers, sponsors, hosts, Public Authorities, capital readers, investors, insurers, lenders, brokers, underwriters, rating actors, and other capital actors.\
17.2.8(b) The Board shall ensure that GCRI Canada remains the upstream evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, technical-baseline, Nexus Truth Engine Methods, and Nexus Observatory Methods steward.\
17.2.8(c) The Board shall not permit GCRI Canada to issue GRF recognition, standing, maturity records, claims determinations, or public-facing legitimacy; GRA finance-readiness, capital-readiness, insurance-readiness, routeability, investment, lending, underwriting, rating, or public finance determinations; Protocol Authority role keys, smart licenses, proof-receipt authority, entitlement states, or protocol effects; or Enterprise Stack execution approvals.\
17.2.8(d) The Board shall require boundary language in materials, agreements, and public claims where role confusion may occur.\
17.2.8(e) The controlling rule shall be that Nexus role separation is a Board stewardship duty.

17.2.9 Board Action Inconsistent With Mission Lock Requires Legal, Governance, Public-Good, and Boundary Review Before Any Effect.\
17.2.9(a) Any proposed Board action that may be inconsistent with mission lock shall require legal, governance, public-good, and boundary review before effect.\
17.2.9(b) Mission-lock concern may arise from commercial drift, finance-services drift, public authority substitution, sponsor control, provider preference, technical asset enclosure, public warning implication, emergency command implication, certification drift, Protocol Authority drift, data overreach, protected knowledge misuse, AI misuse, public claims overreach, or execution ambiguity.\
17.2.9(c) Review shall assess legality, fiduciary duty, corporate authority, public-benefit purpose, non-execution, role separation, data and privacy, cybersecurity, community safeguards, protected knowledge, Public Authority implications, finance implications, procurement implications, sponsor or provider influence, and correction path.\
17.2.9(d) Pending review, the Board may place the matter on hold, narrow scope, quarantine materials, restrict access, require independent review, route to another institution, or refuse the action.\
17.2.9(e) The controlling rule shall be that mission-lock risk must be reviewed before institutional effect is created.

17.2.10 Board Authority and Bylaw Alignment Records.\
17.2.10(a) GCRI Canada shall maintain Board Authority and Bylaw Alignment records for material Board actions and interpretation matters.\
17.2.10(b) Such records shall identify the action, authority source, applicable law or Bylaw provision, Charter relevance, policy relevance, reserved-matter status, delegation status, conflicts, review gates, decision record, implementation owner, public-safe status, correction path, and closeout.\
17.2.10(c) Where ambiguity exists, the record shall identify the ambiguity, interim rule, escalation path, responsible reviewer, and final resolution.\
17.2.10(d) Board Authority and Bylaw Alignment records shall be retained as constitutional governance records and linked to the authoritative repository where applicable.\
17.2.10(e) The controlling rule shall be that Board authority alignment must be demonstrable by record.

### 17.3 Fiduciary Duty and Public-Benefit Duty

17.3.1 Directors Shall Act in Good Faith in the Best Interests of GCRI Canada.\
17.3.1(a) Directors shall act honestly, in good faith, and in the best interests of GCRI Canada.\
17.3.1(b) The best interests of GCRI Canada shall be interpreted through the corporation’s Canadian nonprofit, non-share, non-distributing, public-benefit, non-executing, evidence-and-methods, public-good stewardship character.\
17.3.1(c) Directors shall not equate the best interests of GCRI Canada with founder preference, donor preference, sponsor preference, provider preference, Public Authority preference, management convenience, capital-reader interest, public visibility, event growth, technology excitement, or Nexus-system pressure.\
17.3.1(d) Directors shall consider the corporation’s legal compliance, mission lock, public-benefit purpose, institutional continuity, public trust, safeguards, correctionability, role separation, and long-term stewardship obligations when acting.\
17.3.1(e) The controlling rule shall be that good faith is measured against GCRI Canada’s public-benefit constitutional identity.

17.3.2 Directors Shall Exercise Care, Diligence, Prudence, Loyalty, Independence, and Lawful Judgment.\
17.3.2(a) Directors shall exercise the care, diligence, prudence, loyalty, independence, and lawful judgment expected of directors of a serious Canadian public-benefit nonprofit stewarding mission-critical public-good evidence and technical assets.\
17.3.2(b) Directors shall inform themselves sufficiently before making material decisions, including by reviewing relevant records, risks, conflicts, legal implications, public-safe implications, data implications, cybersecurity implications, Public Authority implications, finance implications, and Nexus role implications.\
17.3.2(c) Directors shall not act as passive ratifiers of management, sponsors, providers, funders, Public Authorities, technical contributors, founders, or external partners.\
17.3.2(d) Directors shall exercise independent judgment even where a proposal is popular, well-funded, technically impressive, politically attractive, or institutionally urgent.\
17.3.2(e) The controlling rule shall be that director judgment must be informed, independent, lawful, and mission-faithful.

17.3.3 Directors Shall Preserve Public-Benefit Purpose and Nonprofit Character.\
17.3.3(a) Directors shall preserve GCRI Canada’s public-benefit purpose and nonprofit character in all material governance decisions.\
17.3.3(b) Directors shall ensure that the corporation’s funds, assets, intellectual property, data, public-good software, technical baselines, evidence systems, publications, repositories, rooms, public authority interfaces, and institutional reputation are used for lawful public-benefit purposes and not improper private benefit.\
17.3.3(c) Directors shall oversee financial sustainability without permitting commercial drift, pay-to-play, sponsor capture, access-for-money, provider preference, private inurement, or mission-subordinating revenue models.\
17.3.3(d) Directors shall ensure that any earned revenue, fees, training payments, sponsorships, donations, grants, in-kind contributions, or restricted funds are structured consistently with nonprofit status, public-benefit purpose, and non-control rules.\
17.3.3(e) The controlling rule shall be that sustainability must serve mission, not convert mission into commerce.

17.3.4 Directors Shall Avoid Improper Private Benefit and Private Inurement.\
17.3.4(a) Directors shall avoid and prevent improper private benefit, private inurement, excess benefit, hidden distribution, preferential transfer, improper access benefit, related-party advantage, or conversion of public-good assets into private leverage.\
17.3.4(b) Directors shall ensure independent review, conflict disclosure, recusal, reasonableness review, fair-value review where applicable, and proper records for related-party arrangements and material benefits.\
17.3.4(c) Directors shall not approve arrangements that provide sponsors, donors, funders, providers, hosts, contractors, fellows, advisors, Board members, officers, members where applicable, National Companies, Project SPVs, or private persons with improper advantage from GCRI Canada’s public-good assets, Public Authority interfaces, technical baselines, publications, data, repositories, rooms, or institutional standing.\
17.3.4(d) Any suspected improper benefit shall be escalated, reviewed, corrected, returned, disgorged where appropriate, restructured, terminated, or otherwise remedied.\
17.3.4(e) The controlling rule shall be that public-good stewardship cannot be used as private-benefit infrastructure.

17.3.5 Directors Shall Protect Research Integrity, Evidence Integrity, Methods Integrity, Public-Safe Claims, and Correctionability.\
17.3.5(a) Directors shall protect research integrity, evidence integrity, methods integrity, public-safe claims, and correctionability as fiduciary and public-benefit duties.\
17.3.5(b) Directors shall ensure that evidence outputs, methods, technical baselines, public-good software, publications, dashboards, maps, datasets, Academy materials, public authority learning materials, and public claims are supported by records, review, controlled vocabulary, limitations, confidence treatment, uncertainty treatment, and correction paths.\
17.3.5(c) Directors shall prevent sponsor, provider, funder, Public Authority, capital-reader, media, or internal pressure from shaping research findings, suppressing publication, delaying correction, overstating impact, or inflating claims.\
17.3.5(d) Directors shall ensure that correction, supersession, withdrawal, retraction, downgrade, suspension, reclassification, reinstatement, and archival are treated as governance duties, not reputational failures.\
17.3.5(e) The controlling rule shall be that truth stewardship requires Board protection of evidence, methods, claims, and correction.

17.3.6 Directors Shall Protect Data Rights, Privacy, Cybersecurity, Sovereign Data, Public Authority Data, and Protected Knowledge.\
17.3.6(a) Directors shall protect data rights, privacy, cybersecurity, sovereign data, Public Authority Data, Community-Protected Data, Indigenous knowledge, Local knowledge, Territorial knowledge, Cultural knowledge, Environmental knowledge, Protected Knowledge, and other sensitive materials.\
17.3.6(b) Directors shall oversee policies, systems, registers, controlled rooms, clean rooms, repositories, dashboards, maps, AI tools, third-party systems, and data interfaces to ensure lawful, secure, purpose-bound, minimized, access-controlled, public-safe, and correctionable handling.\
17.3.6(c) Directors shall require heightened review for rights-bearing data, health-sensitive data, Public Authority Data, cyber-sensitive data, infrastructure-sensitive data, finance-sensitive data, community-protected data, protected knowledge, cross-border transfer, sovereign data zones, compute-to-data, AI use, and public release.\
17.3.6(d) Directors shall ensure that data, AI, cybersecurity, and protected knowledge incidents are promptly escalated, contained, investigated, corrected, and reported where required or appropriate.\
17.3.6(e) The controlling rule shall be that directors must treat data, systems, and protected knowledge as fiduciary risk surfaces.

17.3.7 Directors Shall Protect Non-Execution, Public Authority Boundaries, Finance Boundaries, Procurement Neutrality, Provider Neutrality, Sponsor Non-Control, and Public-Good Firewall.\
17.3.7(a) Directors shall protect non-execution, Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, and the Public-Good Firewall.\
17.3.7(b) Directors shall ensure that GCRI Canada does not regulate, procure, approve public funding, issue public warnings, command emergencies, certify legal compliance, provide investment advice, solicit securities, broker transactions, underwrite insurance, rate credit, guarantee outcomes, operate market infrastructure, control National Companies, control Project SPVs, or execute downstream activity.\
17.3.7(c) Directors shall require boundary review where GCRI Canada materials may be used by Public Authorities, sponsors, providers, capital readers, National Companies, Project SPVs, media actors, or Nexus entities in ways that could imply authority beyond the record.\
17.3.7(d) Directors shall ensure that support for GRF, GRA, Protocol Authority, Nexus entities, Public Authorities, National Companies, Project SPVs, or providers is upstream, bounded, recorded, and role-separated.\
17.3.7(e) The controlling rule shall be that directors must protect the line between public-good stewardship and execution consequence.

17.3.8 Directors Shall Exercise Independent Judgment Despite Sponsor, Provider, Public Authority, Capital, Founder, Partner, Media, or Nexus-System Pressure.\
17.3.8(a) Directors shall exercise independent judgment despite sponsor, donor, funder, provider, host, Public Authority, capital-reader, founder, partner, university, media, National Company, Project SPV, Nexus-system, management, or public pressure.\
17.3.8(b) Independence shall require directors to disclose conflicts, resist undue influence, avoid outcome purchase, reject public authority access purchase, protect publication independence, protect correction duty, and preserve public-good stewardship.\
17.3.8(c) Directors shall not permit institutional urgency, funding dependency, public visibility, technical dependency, political sensitivity, reputational concern, or strategic partnership to override legal duty, mission lock, safeguards, non-execution, or correctionability.\
17.3.8(d) Where pressure is material, directors shall require conflict review, influence risk review, independent review, recusal, access restriction, boundary review, or Board escalation.\
17.3.8(e) The controlling rule shall be that director independence must be strong enough to withstand the actors most capable of creating capture.

17.3.9 Directors Shall Ensure That Delegation Does Not Eliminate Oversight.\
17.3.9(a) Directors may delegate authority where lawful and appropriate, but shall ensure that delegation does not eliminate oversight, fiduciary responsibility, public-benefit duty, mission-lock responsibility, or correction duty.\
17.3.9(b) Delegations shall be written, scoped, time-bounded where appropriate, records-valid, reviewable, revocable, and linked to authority source, purpose, limits, reporting obligations, and correction path.\
17.3.9(c) Delegation shall not authorize officers, committees, councils, fellows, advisors, staff, contractors, sponsors, providers, Public Authorities, National Companies, Project SPVs, or Nexus entities to exceed the authority of GCRI Canada or bypass the Board’s reserved matters.\
17.3.9(d) The Board shall periodically review delegations for necessity, legality, performance, conflict, access, public claims, boundary risk, and continuing mission fit.\
17.3.9(e) The controlling rule shall be that delegation is a governance instrument, not an abdication.

17.3.10 Fiduciary Duty Records, Training, Disclosures, and Assurance.\
17.3.10(a) GCRI Canada shall maintain Fiduciary Duty records, training records, disclosures, and assurance processes for directors.\
17.3.10(b) Records shall include director appointment records, consent records, orientation records, fiduciary training, conflict disclosures, recusal records, independence disclosures, related-party records, Board attendance, decision records, dissent records, training updates, and assurance findings.\
17.3.10(c) Director training shall address fiduciary duty, public-benefit purpose, nonprofit status, non-execution, role separation, conflicts, private benefit, data governance, cybersecurity, Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, protected knowledge, controlled vocabulary, public claims, and correctionability.\
17.3.10(d) Fiduciary Duty Assurance shall review whether directors remain informed, independent, conflict-managed, trained, records-valid, and effective in preserving mission lock and public trust.\
17.3.10(e) The controlling rule shall be that fiduciary duty must be evidenced by conduct, records, training, and assurance.

### 17.4 Mission Lock Oversight

17.4.1 Board Duty to Preserve Mission Lock.\
17.4.1(a) The Board shall have a continuing duty to preserve mission lock.\
17.4.1(b) Mission lock means the binding preservation of GCRI Canada’s identity as a Canadian nonprofit, non-share, non-distributing, public-benefit, non-executing, evidence, methods, observability, ontology, public-good R\&D, public-good software, Open Technical Baselines, Nexus Truth Engine Methods, Nexus Observatory Methods, technical truth, public-safe publication, validity-by-record, and correctionability institution.\
17.4.1(c) Mission lock shall govern Board decisions, officer delegations, funding, partnerships, programs, publications, data practices, AI use, technical systems, Public Authority interfaces, sponsor relationships, provider relationships, Nexus interfaces, and public claims.\
17.4.1(d) The Board shall not permit mission lock to be diluted by growth, funding, publicity, technology scope, political opportunity, commercial pressure, sponsor preference, provider preference, public authority proximity, or capital-reader interest.\
17.4.1(e) The controlling rule shall be that mission lock is a Board duty, not an aspirational statement.

17.4.2 Mission Lock Over Purposes, Programs, Partnerships, Funding, Publications, Technical Systems, Data Practices, AI Use, Public Authority Interfaces, and Nexus Coordination.\
17.4.2(a) The Board shall apply mission-lock oversight to purposes, programs, partnerships, funding, publications, technical systems, data practices, AI use, Public Authority interfaces, Nexus coordination, public communications, controlled rooms, clean rooms, repositories, dashboards, maps, datasets, software releases, technical baselines, and public-safe outputs.\
17.4.2(b) Each material initiative shall be capable of being explained as consistent with GCRI Canada’s public-benefit, evidence-and-methods, non-executing, public-good stewardship role.\
17.4.2(c) Programs and partnerships shall not be approved merely because they generate revenue, visibility, technical excitement, political access, public authority attention, sponsor support, provider participation, or capital-reader interest.\
17.4.2(d) Data practices, AI use, technical systems, and public-safe outputs shall be reviewed for mission fit, lawful authority, safeguards, public-safe status, privacy, cybersecurity, protected knowledge, Public Authority implications, finance implications, and correctionability.\
17.4.2(e) The controlling rule shall be that mission lock applies to the corporation’s operating system, not only to its constitutional text.

17.4.3 Mission Lock Against Commercial Drift.\
17.4.3(a) The Board shall prevent commercial drift.\
17.4.3(b) Commercial drift includes conversion of GCRI Canada into a consultancy, vendor, delivery company, sponsor-service desk, event brand, market platform, proprietary software company, data broker, media platform, product certification shop, implementation company, or enterprise execution vehicle.\
17.4.3(c) Commercial revenue, service fees, training fees, subscriptions, sponsorships, grants, in-kind support, and contracts may be accepted only where lawful, mission-compatible, non-controlling, non-excessive, records-valid, and consistent with public-benefit purpose.\
17.4.3(d) The Board shall require review of revenue models, access benefits, sponsor benefits, provider benefits, service offerings, training offerings, and technical asset licensing where commercial drift risk exists.\
17.4.3(e) The controlling rule shall be that GCRI Canada may be financially sustainable without becoming commercially captured.

17.4.4 Mission Lock Against Financial-Services Drift.\
17.4.4(a) The Board shall prevent financial-services drift.\
17.4.4(b) Financial-services drift includes movement toward investment advice, securities solicitation, brokerage, finder activity, placement, underwriting, lending, insurance placement, insurance advice, rating, guarantee, credit approval, fund operation, capital platform operation, public finance approval, MDB or DFI approval, grant approval, capital commitment, or transaction intermediation.\
17.4.4(c) GCRI Canada may provide upstream evidence, methods, public-safe summaries, source-lineage records, technical baselines, observability outputs, and technical explanations to support GRA or other proper actors where applicable, but shall not issue finance-readiness or capital-readiness determinations.\
17.4.4(d) The Board shall ensure that capital-reader access, finance-sensitive materials, GRA interfaces, National Company interfaces, Project SPV interfaces, and public finance references contain no-advice, no-solicitation, no-rating, no-guarantee, no-commitment, no-approval, and no-execution language where applicable.\
17.4.4(e) The controlling rule shall be that evidence may support capital literacy but shall not become financial intermediation.

17.4.5 Mission Lock Against Public Authority Substitution.\
17.4.5(a) The Board shall prevent Public Authority substitution.\
17.4.5(b) Public Authority substitution includes any act, system, publication, dashboard, map, public authority learning material, Observatory output, Truth Engine output, technical baseline, public-safe report, or Public Authority interface that implies GCRI Canada regulates, procures, approves funding, approves public finance, issues official guidance, issues public warnings, commands emergencies, grants permits, determines compliance, creates safe harbor, adopts public policy, or creates sovereign obligation.\
17.4.5(c) Public Authority participation shall be capacity-classified, reference-approved, boundary-controlled, data-controlled, public-safe, and correctionable.\
17.4.5(d) Public Authority learning shall improve evidence literacy, technical literacy, AI literacy, cyber literacy, data literacy, public-safe interpretation, and safeguards understanding without displacing lawful public decision-making.\
17.4.5(e) The controlling rule shall be that GCRI Canada may support public authority learning but shall not become a public authority.

17.4.6 Mission Lock Against Provider Capture.\
17.4.6(a) The Board shall prevent provider capture.\
17.4.6(b) Provider capture includes any arrangement by which a provider, vendor, contractor, technical contributor, platform operator, AI provider, cloud provider, telecommunications provider, cybersecurity provider, AI-RAN provider, O-RAN provider, DePIN provider, sensor provider, dashboard provider, systems integrator, or qualified provider influences evidence, methods, technical baselines, benchmarking, public claims, procurement implications, public authority access, or provider status.\
17.4.6(c) Provider participation, testing, benchmarking, demonstrations, contributions, hosting, equipment provision, software provision, data provision, or technical support shall not create certification, procurement advantage, preferred status, public authority approval, finance-readiness, recognition, or Nexus-compatible status by default.\
17.4.6(d) The Board shall require provider-neutrality controls, conflict review, access restriction, benchmark integrity review, public claims review, and procurement-sensitivity controls where provider involvement is material.\
17.4.6(e) The controlling rule shall be that technical usefulness shall not become institutional preference.

17.4.7 Mission Lock Against Sponsor Capture.\
17.4.7(a) The Board shall prevent sponsor capture.\
17.4.7(b) Sponsor capture includes any arrangement by which a sponsor, donor, funder, grantor, host, or supporter obtains control over evidence, methods, publications, public-safe outputs, Public Authority access, provider treatment, technical baselines, correction decisions, controlled vocabulary, or institutional truth.\
17.4.7(c) No sponsorship, donation, grant, restricted fund, in-kind contribution, host support, or public-good support shall purchase outcomes, suppress publications, veto findings, influence methods, control access, direct Public Authority interfaces, create provider preference, or create public claims beyond approved acknowledgment.\
17.4.7(d) The Board shall review sponsor-related benefits, acknowledgment rights, access rights, reporting rights, restricted funds, in-kind support, public references, and influence aggregation.\
17.4.7(e) The controlling rule shall be that sponsors may support public-good infrastructure but cannot own institutional truth.

17.4.8 Mission Lock Against Technical Asset Enclosure.\
17.4.8(a) The Board shall prevent technical asset enclosure.\
17.4.8(b) Technical asset enclosure includes conversion of public-good software, Open Technical Baselines, schemas, APIs, data contracts, ontologies, controlled vocabulary, model cards, benchmark cards, system cards, repositories, datasets, methods, dashboards, maps, observability outputs, or reference architectures into proprietary gatekeeping, vendor lock-in, sponsor control, private exclusivity, or market allocation.\
17.4.8(c) The Board shall oversee licensing, IP terms, contributor terms, repository governance, release discipline, SBOM, dependency review, cybersecurity, export-control review, public-safe release, and correction paths for material technical assets.\
17.4.8(d) Where restricted access, controlled licensing, delayed release, or non-public handling is required for safety, privacy, security, protected knowledge, export-control, or public authority reasons, such restrictions shall be recorded and shall not be used as disguised enclosure.\
17.4.8(e) The controlling rule shall be that technical assets may be protected without becoming privately enclosed.

17.4.9 Mission Lock Against Unbounded Technology Expansion Beyond Public-Benefit Purpose.\
17.4.9(a) The Board shall prevent unbounded technology expansion beyond public-benefit purpose.\
17.4.9(b) GCRI Canada may work across exponential and mission-critical technologies, including artificial intelligence, agentic AI, AI-RAN, O-RAN, private wireless, telecommunications, sovereign compute, edge compute, cloud compute, high-performance computing, verifiable compute, verifiable intelligence, blockchain, distributed ledger technology, DePIN, cybersecurity, cyber-physical systems, robotics, drones, autonomous systems, sensors, Earth observation, satellite systems, geospatial systems, digital twins, simulation systems, quantum-relevant systems, biosecurity, health-sensitive systems, climate, nature, WEFH systems, energy, semiconductors, advanced manufacturing, supply chains, space, critical infrastructure, and emerging technologies.\
17.4.9(c) Broad technology scope shall not authorize mission drift, hype chasing, technical overreach, sponsor-driven expansion, provider-driven expansion, public authority substitution, data overcollection, AI misuse, public-safe failures, or execution-adjacent operations.\
17.4.9(d) New technology domains shall be assessed for public-benefit purpose, evidence need, method fit, safeguards, legal risk, data risk, cybersecurity risk, public authority implications, finance implications, provider influence, sponsor influence, and correctionability.\
17.4.9(e) The controlling rule shall be that technology scope is broad, but public-benefit purpose is binding.

17.4.10 Mission Lock Review, Exception Handling, Correction, and Board Reporting.\
17.4.10(a) GCRI Canada shall maintain mission-lock review, exception handling, correction, and Board reporting processes.\
17.4.10(b) Mission-lock review shall be required for material programs, partnerships, funding arrangements, publications, technical releases, data practices, AI uses, Public Authority interfaces, finance-facing materials, provider relationships, sponsor relationships, National Company interfaces, Project SPV interfaces, and Nexus interfaces where mission drift risk exists.\
17.4.10(c) Exceptions shall be narrow, lawful, time-bounded where appropriate, recorded, reviewed, and subject to correction or termination if risk increases.\
17.4.10(d) Mission-lock breach or drift shall require correction, reclassification, public-safe clarification, controlled notice, access restriction, relationship restructuring, withdrawal, retraction, suspension, termination, or Board action as appropriate.\
17.4.10(e) Material mission-lock findings shall be reported to the Board or appropriate committee with corrective action, owner, deadline, residual risk, and recurrence-prevention measures.\
17.4.10(f) The controlling rule shall be that mission lock requires review, records, correction, and Board visibility.

### 17.5 Non-Execution Oversight

17.5.1 Board Duty to Preserve Non-Execution.\
17.5.1(a) The Board shall have a continuing duty to preserve GCRI Canada’s non-executing character.\
17.5.1(b) Non-execution means that GCRI Canada may steward evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, Open Technical Baselines, public-safe publication, public authority learning, Nexus Truth Engine Methods, Nexus Observatory Methods, and related upstream technical and institutional materials, but shall not itself execute regulated, sovereign, market, procurement, emergency, professional, financial, insurance, rating, certification, or infrastructure-operational acts.\
17.5.1(c) The Board shall ensure that the corporation’s programs, publications, dashboards, maps, datasets, technical baselines, rooms, repositories, AI systems, public authority learning materials, finance-facing materials, and Nexus interfaces preserve non-execution by design and by claim.\
17.5.1(d) Non-execution shall not be waived by urgency, partner expectation, public authority participation, sponsor request, provider capability, funding opportunity, technical capacity, or public demand.\
17.5.1(e) The controlling rule shall be that GCRI Canada’s credibility depends on doing upstream public-good work without becoming the downstream actor.

17.5.2 Oversight of Emergency Command Boundary.\
17.5.2(a) The Board shall oversee the emergency command boundary.\
17.5.2(b) GCRI Canada shall not command emergencies, dispatch resources, order evacuations, direct rescue, operate shelters, control logistics, allocate emergency assets, exercise incident command, or substitute for competent emergency-management authorities.\
17.5.2(c) Scenario materials, simulations, tabletop exercises, public authority learning materials, Observatory outputs, Truth Engine outputs, dashboards, maps, degraded-mode awareness materials, and technical baselines shall be decision-support or learning materials only and shall not become emergency command instruments by implication.\
17.5.2(d) Emergency-related materials shall require heightened no-command language, public-safe review, Public Authority boundary review, and correction path.\
17.5.2(e) Emergency command confusion shall require immediate hold, clarification, correction, withdrawal, access restriction, or referral to competent Public Authorities where appropriate.\
17.5.2(f) The controlling rule shall be that GCRI Canada may support emergency literacy but shall not command emergencies.

17.5.3 Oversight of Official Public Warning Boundary.\
17.5.3(a) The Board shall oversee the official public warning boundary.\
17.5.3(b) GCRI Canada shall not issue official public warnings, hazard notices, evacuation notices, emergency alerts, public health alerts, cyber advisories with public authority effect, infrastructure alerts with official status, or other public warnings reserved to competent Public Authorities.\
17.5.3(c) Dashboards, maps, Observatory outputs, Truth Engine outputs, AI outputs, digital twins, sensor signals, AI-RAN signals, O-RAN signals, DePIN records, cyber logs, blockchain anchors, proof receipts, confidence scores, and public-safe reports shall not become official warnings by Public Authority access, media attention, technical sophistication, or public distribution alone.\
17.5.3(d) Warning-adjacent materials shall require public-safe review, boundary language, update status, limitations, source lineage, confidence, uncertainty, correction path, and Public Authority review where required.\
17.5.3(e) Public warning confusion shall require immediate hold, correction, withdrawal, clarification, public-safe notice, controlled notice, or Public Authority coordination where appropriate.\
17.5.3(f) The controlling rule shall be that public-safe communication is not official public warning authority.

17.5.4 Oversight of Regulatory Boundary.\
17.5.4(a) The Board shall oversee the regulatory boundary.\
17.5.4(b) GCRI Canada shall not regulate, supervise compliance as a public authority, issue permits, grant safe harbor, approve legal compliance, determine enforcement positions, issue regulatory guidance, or substitute for any regulator.\
17.5.4(c) Technical baselines, methods, public-good software, reports, dashboards, evidence packs, Academy materials, public authority learning materials, and standards mappings shall not become regulatory requirements or compliance determinations by default.\
17.5.4(d) Regulator-listening participation shall not create regulatory endorsement, regulatory guidance, compliance approval, enforcement forbearance, safe harbor, or legal equivalence.\
17.5.4(e) Regulatory-ambiguous materials shall require legal review, Public Authority boundary review, controlled vocabulary review, and public claims review before release.\
17.5.4(f) The controlling rule shall be that GCRI Canada may support regulatory literacy without becoming a regulator.

17.5.5 Oversight of Procurement Boundary.\
17.5.5(a) The Board shall oversee the procurement boundary and procurement neutrality.\
17.5.5(b) GCRI Canada shall not conduct public procurement, select vendors for Public Authorities, award public contracts, create public tender preference, steer procurement, allocate markets, approve bids, or provide procurement scoring as a public authority.\
17.5.5(c) Provider participation, technical testing, benchmarking, demonstrations, labs, Nexus Universe activities, Observatory methods, evidence packs, dashboards, maps, public-good software, or Open Technical Baselines shall not create procurement advantage by default.\
17.5.5(d) Public Authorities shall retain their own procurement rules, decisions, records, and accountability.\
17.5.5(e) Procurement-sensitive contexts shall require competition safety, do-not-discuss controls, provider-neutrality controls, Public Authority capacity classification, public claims review, and correction path.\
17.5.5(f) The controlling rule shall be that evidence and learning shall not become procurement steering.

17.5.6 Oversight of Certification-by-Default Boundary.\
17.5.6(a) The Board shall oversee the certification-by-default boundary.\
17.5.6(b) GCRI Canada shall not be treated as certifying technologies, providers, systems, products, services, projects, National Companies, Project SPVs, public authority adoption, legal compliance, safety, cybersecurity, interoperability, maturity, financeability, insurability, or Nexus compatibility by default.\
17.5.6(c) Technical baselines, benchmark results, evidence packs, public-good software, reference implementations, methods, Observatory outputs, Truth Engine outputs, dashboards, maps, dataset releases, API releases, schema releases, Academy materials, and public-safe reports shall not be represented as certification unless a competent certification authority and proper record create that status.\
17.5.6(d) Claims using terms such as certified, verified, validated, approved, trusted, secure, finance-ready, insurance-ready, mature, Nexus-compatible, gridded, docketed, official, or proven shall require controlled vocabulary review and source authority review.\
17.5.6(e) Certification overclaim shall require correction, withdrawal, retraction, public-safe clarification, controlled notice, access restriction, or termination of misuse.\
17.5.6(f) The controlling rule shall be that GCRI Canada produces evidence and methods, not certification by implication.

17.5.7 Oversight of Investment Advice, Securities, Brokerage, Lending, Insurance, Underwriting, Rating, Guarantee, and Public Finance Boundaries.\
17.5.7(a) The Board shall oversee investment advice, securities, brokerage, lending, insurance, underwriting, rating, guarantee, and public finance boundaries.\
17.5.7(b) GCRI Canada shall not provide investment advice, securities advice, securities offering, solicitation, brokerage, finder activity, placement, underwriting, lending, insurance placement, insurance advice, rating, guarantee, credit approval, grant approval, MDB approval, DFI approval, sovereign finance approval, public finance approval, or capital commitment.\
17.5.7(c) Finance-facing evidence, proof inputs, capital-reader materials, finance-sensitive summaries, GRA-interface materials, National Company materials, Project SPV references, and public finance references shall include no-advice, no-solicitation, no-rating, no-guarantee, no-approval, no-commitment, no-provider-preference, no-public-authority-approval, and no-execution language where applicable.\
17.5.7(d) The Board shall preserve the role of The Global Risks Alliance (GRA) where finance-readiness, capital readability, proof-pack discipline, insurance-readiness, capital-reader rooms, RNFD, NFD, UNFSD, and regulated-perimeter discipline are implicated.\
17.5.7(e) Finance overclaim shall require immediate review, correction, access restriction, controlled notice, public-safe clarification, GRA routing, legal review, or withdrawal.\
17.5.7(f) The controlling rule shall be that finance readability is not finance execution.

17.5.8 Oversight of Professional Advice Boundary.\
17.5.8(a) The Board shall oversee the professional advice boundary.\
17.5.8(b) GCRI Canada shall not provide legal advice, engineering certification, medical advice, public health direction, accounting advice, tax advice, investment advice, insurance advice, cybersecurity certification, emergency-management instruction, professional licensure, or other regulated professional advice except through properly authorized professionals acting within lawful scope and with appropriate boundary language where applicable.\
17.5.8(c) Reports, methods, public-safe summaries, Academy materials, public authority learning materials, dashboards, maps, technical notes, AI outputs, and decision-support materials shall not be represented as substitutes for licensed professional judgment.\
17.5.8(d) Where professional domains are implicated, materials shall include limitations, scope, audience, reliance boundaries, professional-review status where applicable, and referral to competent professionals or Public Authorities where appropriate.\
17.5.8(e) Professional advice confusion shall require correction, clarification, withdrawal, or legal review.\
17.5.8(f) The controlling rule shall be that public-good evidence support shall not become unauthorized professional practice.

17.5.9 Oversight of Infrastructure Operation, Market Operation, National Company, Project SPV, Provider, and Protocol Authority Boundaries.\
17.5.9(a) The Board shall oversee infrastructure operation, market operation, National Company, Project SPV, provider, and Protocol Authority boundaries.\
17.5.9(b) GCRI Canada shall not operate infrastructure as a public authority, operate market infrastructure, operate regulated systems, operate exchanges, operate capital platforms, operate payment systems, operate National Companies, control Project SPVs, select providers for execution, or issue Protocol Authority effects by default.\
17.5.9(c) GCRI Canada may support National Nexus Consortiums, National Working Groups, Nexus Competence Cells, National Consortium Companies, Project SPVs, providers, hosts, and Protocol Authority through upstream evidence, methods, technical baselines, public-safe summaries, public-good software, and interface records, but such support shall remain bounded and role-separated.\
17.5.9(d) Technical integration, proof receipts, DLT anchors, APIs, schemas, role keys, smart licenses, entitlement states, observability outputs, and system interfaces shall not create Protocol Authority, market operation, provider preference, National Company control, Project SPV control, or execution authority unless proper competent authority and records create that effect.\
17.5.9(e) The controlling rule shall be that technical connectivity shall not become institutional control.

17.5.10 Non-Execution Escalation, Stop-the-Line, Correction, and Assurance.\
17.5.10(a) GCRI Canada shall maintain non-execution escalation, stop-the-line, correction, and assurance processes.\
17.5.10(b) Any director, officer, designated committee member, legal reviewer, compliance reviewer, records custodian, public-safe reviewer, safeguards reviewer, cybersecurity reviewer, data protection reviewer, or other authorized person may escalate or stop a matter where non-execution risk is credible.\
17.5.10(c) Stop-the-line action may include hold, quarantine, access restriction, publication pause, release pause, dashboard restriction, map withdrawal, room suspension, interface freeze, public claims review, legal review, GRA routing, GRF routing, Protocol Authority routing, Public Authority clarification, or Board escalation.\
17.5.10(d) Non-execution correction may include clarification, controlled notice, public-safe notice, supersession, withdrawal, retraction, downgrade, suspension, reclassification, access restriction, agreement amendment, participant discipline, or termination.\
17.5.10(e) Non-Execution Assurance shall periodically review programs, publications, technical systems, Public Authority interfaces, finance-facing materials, provider relationships, sponsor relationships, National Company interfaces, Project SPV interfaces, Protocol Authority interfaces, public claims, and records for execution drift.\
17.5.10(f) The controlling rule shall be that non-execution must be enforced through escalation, stop authority, correction, and assurance, not merely stated in principle.

### 17.6 Public-Good Stack and Nexus Role Separation Oversight

17.6.1 Board Duty to Preserve Public-Good Stack Alignment.\
17.6.1(a) The Board shall preserve GCRI Canada’s alignment with the Public-Good Stack as a core stewardship duty.\
17.6.1(b) Public-Good Stack alignment means that GCRI Canada shall remain an upstream evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, Open Technical Baselines, Nexus Truth Engine Methods, Nexus Observatory Methods, public-safe publication, validity-by-record, and correctionability institution.\
17.6.1(c) The Board shall ensure that GCRI Canada’s programs, funding, partnerships, publications, technical systems, data practices, AI use, Public Authority interfaces, provider interfaces, sponsor interfaces, National Company interfaces, Project SPV interfaces, and Nexus interfaces remain consistent with public-good stewardship rather than execution, market operation, procurement, finance, certification, public authority substitution, or private benefit.\
17.6.1(d) Public-Good Stack alignment shall require record-based authority, controlled vocabulary, correction paths, public-safe publication controls, anti-capture controls, sponsor non-control, provider neutrality, legal separateness, and role separation.\
17.6.1(e) The controlling rule shall be that GCRI Canada’s Board must preserve the public-good character of the institution before permitting expansion, integration, funding, visibility, or technical deployment.

17.6.2 Board Duty to Preserve One Rail / Two Stacks Discipline.\
17.6.2(a) The Board shall preserve One Rail / Two Stacks discipline.\
17.6.2(b) One Rail means that Nexus public-good institutions may share coherent evidence, records, controlled vocabulary, methods, correction, interoperability, and public-safe interpretation logic.\
17.6.2(c) Two Stacks means that the Public-Good Stack shall remain distinct from the Enterprise Stack, including National Consortium Companies, Project SPVs, Qualified Providers, sponsors, hosts, vendors, operators, investors, insurers, lenders, contractors, and other execution actors.\
17.6.2(d) The Board shall ensure that common terminology, shared repositories, shared records, shared interfaces, shared technical baselines, shared proof objects, shared rooms, shared events, shared public authority learning, or shared Nexus architecture do not create merger, agency, common ownership, shared liability, execution authority, provider preference, sponsor control, or public authority confusion.\
17.6.2(e) The controlling rule shall be that interoperability shall be preserved through records and interfaces, not through institutional collapse.

17.6.3 Board Duty to Preserve Public-Good Firewall.\
17.6.3(a) The Board shall preserve the Public-Good Firewall between GCRI Canada’s public-good stewardship functions and any enterprise, market, finance, procurement, regulated, sponsor-controlled, provider-controlled, or execution-facing activity.\
17.6.3(b) The Public-Good Firewall shall protect evidence, methods, observability, ontology, public-good software, technical baselines, public-safe publications, research outputs, data environments, controlled rooms, clean rooms, Public Authority interfaces, capital-reader interfaces, and correction decisions from improper influence.\
17.6.3(c) The Board shall ensure that Enterprise Stack actors may receive, read, contribute to, or interface with GCRI Canada outputs only under recorded authority, role classification, access controls, conflicts review, public claims limits, non-reliance language, correction obligations, and boundary language.\
17.6.3(d) The Public-Good Firewall shall prohibit pay-to-play, access-for-money, outcome purchase, publication suppression, sponsor veto, provider preference, procurement steering, finance signaling, recognition purchase, certification purchase, public authority access purchase, or private control of institutional truth.\
17.6.3(e) The controlling rule shall be that public-good stewardship must remain insulated from private, financial, political, sponsor, provider, and execution pressure.

17.6.4 Board Duty to Preserve GCRI / GRF / GRA / Protocol Authority Role Separation.\
17.6.4(a) The Board shall preserve the role separation among The Global Centre for Risk and Innovation (GCRI), The Global Risks Forum (GRF), The Global Risks Alliance (GRA), and Nexus Standards / Protocol Authority.\
17.6.4(b) GCRI Canada shall remain within the GCRI function as an evidence, research, methods, observability, ontology, technical truth, public-good R\&D, public-good software, and Open Technical Baselines steward.\
17.6.4(c) The Board shall ensure that GCRI Canada does not issue or imply The Global Risks Forum (GRF) registry status, recognition, standing, maturity records, claims-discipline determinations, stakeholder-formation determinations, public-safe reporting authority, or public-facing legitimacy.\
17.6.4(d) The Board shall ensure that GCRI Canada does not issue or imply The Global Risks Alliance (GRA) finance-readiness, capital readability, insurance-readiness, diligence-translation, proof-pack determinations, RNFD, NFD, UNFSD, investment advice, capital routing, lending, underwriting, rating, guarantee, public finance approval, or regulated-perimeter determinations.\
17.6.4(e) The Board shall ensure that GCRI Canada does not issue or imply Nexus Standards / Protocol Authority conformance effect, protocol validity, role keys, smart licenses, entitlement states, proof-receipt authority, anchoring discipline, technical validity states, or protocol effect by default.\
17.6.4(f) The controlling rule shall be that GCRI Canada may support GRF, GRA, and Protocol Authority with evidence and methods, but shall not become them by contribution, technical centrality, or public description.

17.6.5 Board Duty to Preserve Separation From Nexus Network, Nexus Universe, Nexus Observatory, Nexus Rails, Nexus Grid, Nexus Academy, Regional Nexus Consortiums, National Nexus Consortiums, National Companies, Project SPVs, Qualified Providers, Sponsors, Hosts, Public Authorities, Universities, Communities, and Capital Readers.\
17.6.5(a) The Board shall preserve GCRI Canada’s separation from Nexus Network, Nexus Universe, Nexus Observatory, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Risk Management, Nexus Competence Cells, Regional Nexus Consortiums, National Nexus Consortiums, National Working Groups, National Consortium Companies, Project SPVs, Qualified Providers, sponsors, hosts, Public Authorities, universities, laboratories, communities, civil society actors, media actors, and capital readers.\
17.6.5(b) GCRI Canada may interface with such actors through evidence, methods, research, public-good software, technical baselines, controlled rooms, public authority learning, public-safe summaries, technical notes, datasets, dashboards, maps, and correction records, but such interface shall not create merger, agency, authority transfer, endorsement, adoption, recognition, finance-readiness, certification, procurement advantage, public authority approval, provider preference, sponsor validation, or execution authority.\
17.6.5(c) Interfaces with Nexus Network shall not convert GCRI Canada into the entire network. Interfaces with Nexus Universe shall not convert GCRI Canada into an event company, sponsor platform, or public authority convening substitute. Interfaces with Nexus Observatory shall not convert GCRI Canada into an infrastructure operator, emergency command actor, public warning authority, or asset owner by default.\
17.6.5(d) Interfaces with Nexus Rails shall not convert GCRI Canada into a financial intermediary, capital platform, broker, insurer, underwriter, lender, rating agency, or public finance actor. Interfaces with Nexus Academy shall not create regulated professional certification, licensure, Public Authority qualification, or market credential by default.\
17.6.5(e) The controlling rule shall be that institutional adjacency shall be governed by role precision, not assumed unity.

17.6.6 Shared Records Without Shared Liability Oversight.\
17.6.6(a) The Board shall oversee shared records without shared liability.\
17.6.6(b) Shared records may support interoperability, evidence continuity, method traceability, correction, interface management, public-safe interpretation, and cross-entity alignment, but shall not create shared liability, common control, merger, agency, partnership, joint venture, parent-subsidiary status, alter ego status, shared treasury, joint employer status, authority transfer, or common execution authority by default.\
17.6.6(c) Each shared record shall identify owner, custodian, authority source, purpose, scope, classification, access class, handling class, public-safe status, retention, correction path, liability boundary, source limits, dependency links, and downstream use limits.\
17.6.6(d) Shared records with GRF, GRA, Protocol Authority, Nexus entities, Public Authorities, National Companies, Project SPVs, Qualified Providers, sponsors, hosts, universities, communities, or capital readers shall include role and liability boundary language where confusion risk exists.\
17.6.6(e) The controlling rule shall be that records may be shared for coherence without making responsibility shared by implication.

17.6.7 Nexus Interface Agreement Oversight.\
17.6.7(a) The Board shall oversee material Nexus interface agreements involving GCRI Canada.\
17.6.7(b) Nexus interface agreements shall define parties, purpose, scope, authority, role separation, legal separateness, data rules, AI-use rules, cybersecurity controls, IP treatment, public claims rules, Public Authority reference rules, finance-boundary rules, sponsor and provider controls, correction obligations, dispute routing, termination, survival, and closeout.\
17.6.7(c) Interface agreements shall not permit another Nexus entity, National Company, Project SPV, provider, sponsor, host, Public Authority, or capital actor to control GCRI Canada’s evidence, methods, publications, public-safe outputs, technical baselines, correction decisions, or institutional truth.\
17.6.7(d) Interface agreements shall route GRF matters to GRF, GRA matters to GRA, Protocol Authority matters to competent Protocol Authority, Public Authority decisions to competent Public Authorities, and execution matters to lawful execution actors.\
17.6.7(e) The controlling rule shall be that Nexus interface agreements must make separation operational, not merely recited.

17.6.8 Cross-Entity Mismatch, Divergence, and Overclaim Oversight.\
17.6.8(a) The Board shall oversee cross-entity mismatch, divergence, and overclaim risks.\
17.6.8(b) Mismatch may arise where GCRI Canada, GCRI US, GRF, GRA, Protocol Authority, Nexus entities, National Consortiums, National Companies, Project SPVs, providers, sponsors, Public Authorities, universities, or capital readers use different terms, records, status descriptions, maturity descriptions, public claims, data classifications, publication classes, or correction states.\
17.6.8(c) Divergence may arise across jurisdictions, entities, versions, languages, technical baselines, data governance rules, Public Authority meaning, finance meaning, GRF meaning, GRA meaning, or Protocol Authority meaning.\
17.6.8(d) Overclaim may arise where an actor uses GCRI Canada evidence, methods, publications, dashboards, maps, software, technical baselines, rooms, public authority learning, or Nexus references to claim status, authority, adoption, approval, readiness, certification, procurement advantage, provider preference, sponsor validation, or execution consequence beyond the source record.\
17.6.8(e) The Board shall require divergence logs, equivalence notes, correction records, controlled notices, public-safe notices, reference restrictions, role clarification, or interface redesign where mismatch, divergence, or overclaim creates material risk.\
17.6.8(f) The controlling rule shall be that cross-entity coherence requires visible divergence management, not silent harmonization by assumption.

17.6.9 Public-Good Stack Assurance and Periodic Nexus Alignment Review.\
17.6.9(a) GCRI Canada shall conduct Public-Good Stack Assurance and periodic Nexus Alignment Review under Board oversight.\
17.6.9(b) Assurance shall review whether GCRI Canada remains aligned with its evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, Open Technical Baselines, public-safe publication, validity-by-record, correctionability, and non-execution role.\
17.6.9(c) Assurance shall assess Public-Good Firewall integrity, One Rail / Two Stacks discipline, GRF / GRA / Protocol Authority role separation, shared records, interface agreements, public claims, data interfaces, AI interfaces, technical releases, Public Authority interfaces, sponsor relationships, provider relationships, National Company interfaces, Project SPV interfaces, and capital-reader interfaces.\
17.6.9(d) Assurance findings shall identify drift, mismatch, missing records, role ambiguity, unapproved claims, overclaim, dependency risk, capture risk, correction gaps, and required corrective actions.\
17.6.9(e) The controlling rule shall be that Nexus alignment must be tested periodically because role drift can arise through growth, convenience, shared systems, and public narrative.

17.6.10 Nexus Role Separation Records and Corrective Actions.\
17.6.10(a) GCRI Canada shall maintain Nexus Role Separation records and corrective action records for material interface and role-separation matters.\
17.6.10(b) Records shall identify the actors, interface, purpose, authority source, role boundaries, shared records, shared systems, data classes, technical assets, public claims permissions, Public Authority references, finance references, provider references, sponsor references, liability boundaries, correction path, and closeout.\
17.6.10(c) Corrective actions may include boundary clarification, public-safe notice, controlled notice, record correction, interface amendment, access restriction, claim withdrawal, publication correction, dashboard correction, map correction, dataset correction, software release correction, agreement amendment, suspension, termination, or Board escalation.\
17.6.10(d) Nexus Role Separation records shall be treated as constitutional governance records where role ambiguity, shared authority, public claims, Public Authority meaning, finance meaning, or execution ambiguity is material.\
17.6.10(e) The controlling rule shall be that role separation must be evidenced by records and enforceable by correction.

### 17.7 Evidence, Methods, Research, and Technical Truth Oversight

17.7.1 Board Oversight of Evidence Doctrine.\
17.7.1(a) The Board shall oversee GCRI Canada’s evidence doctrine as a core element of institutional stewardship.\
17.7.1(b) Evidence doctrine shall require that material evidence records identify provenance, custody, source lineage, classification, confidence, uncertainty, limitations, handling class, access class, public-safe status, legal or approval basis where applicable, source limits, review status, and correction path.\
17.7.1(c) Evidence doctrine shall apply to raw data, telemetry, documents, Public Authority inputs, community inputs, sensor readings, AI-RAN signals, O-RAN signals, DePIN records, cyber logs, digital twin outputs, geospatial data, model outputs, AI outputs, research submissions, provider attestations, host inputs, and public-safe materials.\
17.7.1(d) The Board shall ensure that evidence outputs do not become recognition, maturity status, finance-readiness, certification, public authority approval, procurement approval, public warning, emergency command, provider preference, sponsor validation, or execution authority by implication.\
17.7.1(e) The controlling rule shall be that evidence must be governed as evidence and not allowed to drift into authority.

17.7.2 Board Oversight of Methods Stewardship.\
17.7.2(a) The Board shall oversee methods stewardship.\
17.7.2(b) Methods shall be versioned, reviewable, challengeable, fit for purpose, public-safe where released, reproducible where lawful and appropriate, limitations-aware, correctionable, and linked to evidence records, source records, data records, model records, software records, and publication records where applicable.\
17.7.2(c) Methods stewardship shall include oversight of method libraries, review gates, peer or expert review where appropriate, source integrity, reproducibility packages, benchmark methods, evaluation harnesses, confidence and uncertainty treatment, dependency notes, and correction records.\
17.7.2(d) The Board shall prevent methods from being shaped by sponsor preference, provider preference, public authority pressure, finance signaling, publication pressure, or technical convenience.\
17.7.2(e) The controlling rule shall be that methods must remain independent, records-valid, reviewable, and correctionable.

17.7.3 Board Oversight of Observability Methods.\
17.7.3(a) The Board shall oversee observability methods used by or under GCRI Canada.\
17.7.3(b) Observability methods may include systems for sensing, telemetry, dashboards, maps, degraded-mode awareness, incident signals, AI-RAN signals, O-RAN signals, DePIN signals, cyber logs, digital twins, geospatial inputs, Earth observation data, infrastructure indicators, climate and disaster indicators, WEFH indicators, and mission-critical system indicators.\
17.7.3(c) Observability methods shall be governed by source lineage, data classification, public-safe review, update status, confidence, uncertainty, limitations, cybersecurity, privacy, protected knowledge controls, public authority boundaries, public warning boundaries, and correction paths.\
17.7.3(d) The Board shall ensure that observability outputs do not become official public warnings, emergency commands, regulatory determinations, public authority decisions, procurement signals, finance signals, or execution instructions by implication.\
17.7.3(e) The controlling rule shall be that observability supports understanding and learning, not public authority command.

17.7.4 Board Oversight of Ontology and Controlled Vocabulary.\
17.7.4(a) The Board shall oversee ontology and controlled vocabulary where such systems carry legal, governance, evidentiary, technical, public-safe, Public Authority, finance, recognition, certification, protocol, Nexus-interface, or execution-adjacent meaning.\
17.7.4(b) Ontology and controlled vocabulary shall stabilize institutional meaning, prevent semantic drift, preserve interoperability, support evidence comparability, protect role separation, and prevent authority terms from being used as marketing terms.\
17.7.4(c) Controlled terms such as verified, validated, recognized, certified, approved, official, public-safe, finance-ready, insurance-ready, investment-ready, procurement-ready, public authority, proof, truth, confidence, readiness, maturity, docketed, gridded, Nexus-compatible, protocol-conformant, secure, trusted, and adopted shall be governed by definition, permitted use, prohibited use, public-safe definition, translation notes, localization notes, and correction path.\
17.7.4(d) The Board shall require vocabulary drift detection, vocabulary correction, translation review, localization review, and public claims correction where terms are misused or inflated.\
17.7.4(e) The controlling rule shall be that semantic governance is governance, not copy editing.

17.7.5 Board Oversight of Nexus Truth Engine Methods.\
17.7.5(a) The Board shall oversee GCRI Canada’s role in supporting Nexus Truth Engine Methods.\
17.7.5(b) Nexus Truth Engine Methods shall be treated as governed methods, evidence structuring, validation logic, source-lineage discipline, confidence and uncertainty treatment, challengeability mechanisms, correction paths, and public-safe interpretation tools, not as autonomous authority.\
17.7.5(c) AI outputs, algorithmic classifications, confidence scores, inference records, retrieval outputs, embeddings, model summaries, digital twin outputs, proof receipts, blockchain anchors, or automated indicators shall not be treated as institutional truth unless supported by proper records, human review where required, method authority, source authority, limitations, and correction path.\
17.7.5(d) The Board shall ensure that Truth Engine Methods preserve privacy, data rights, protected knowledge, Public Authority boundaries, finance boundaries, public-safe claims, cybersecurity, and non-execution.\
17.7.5(e) The controlling rule shall be that truth-engine methods may support truth stewardship but shall not replace records, review, or lawful authority.

17.7.6 Board Oversight of Nexus Observatory Methods.\
17.7.6(a) The Board shall oversee GCRI Canada’s role in supporting Nexus Observatory Methods.\
17.7.6(b) Nexus Observatory Methods shall support collection, structuring, validation, custody, interpretation, correction, and routing of evidence concerning exponential and mission-critical technologies, resilience systems, public authority learning contexts, and public-safe reporting materials.\
17.7.6(c) Observatory Methods shall not convert GCRI Canada into an infrastructure operator, emergency command actor, public warning authority, asset owner, public authority, provider, or execution actor by default.\
17.7.6(d) The Board shall ensure that Observatory Methods involving sensors, AI-RAN, O-RAN, DePIN, cyber logs, geospatial systems, digital twins, dashboards, maps, or public authority data are governed by data classification, cybersecurity, public-safe review, source limits, update status, and correctionability.\
17.7.6(e) The controlling rule shall be that observatory methods must make systems more legible without making GCRI Canada the operator or authority.

17.7.7 Board Oversight of Public-Good R\&D and Research Integrity.\
17.7.7(a) The Board shall oversee public-good R\&D and research integrity.\
17.7.7(b) Public-good R\&D shall be governed by research purpose, lawful basis, ethics review where applicable, data governance, AI-use controls, conflict management, sponsor and provider independence, peer or expert review where appropriate, reproducibility where lawful and appropriate, publication controls, IP controls, and correction paths.\
17.7.7(c) The Board shall ensure that research outputs do not overstate certainty, impact, maturity, readiness, safety, legality, financeability, insurability, public authority adoption, provider preference, or Nexus compatibility.\
17.7.7(d) Sponsor, donor, funder, provider, host, Public Authority, university, or capital-reader involvement in research shall be disclosed, bounded, conflict-managed, and prevented from controlling design, data selection, methods, interpretation, publication, or correction.\
17.7.7(e) The controlling rule shall be that public-good R\&D must remain independent, lawful, useful, and correctable.

17.7.8 Board Oversight of Public-Safe Publications, Dashboards, Maps, Datasets, Technical Notes, and Communications.\
17.7.8(a) The Board shall oversee the governance framework for public-safe publications, dashboards, maps, datasets, technical notes, whitepapers, reports, Academy materials, public authority learning materials, media statements, social media statements, websites, speeches, and public communications.\
17.7.8(b) Public outputs shall be supported by evidence records, method records, source records, review records, public-safe status, controlled vocabulary, limitations, boundary language, correction path, and publication authority.\
17.7.8(c) Dashboards and maps shall be treated as evidence visualizations, not authority by default, and shall include source lineage, update status, confidence, uncertainty, missing-data treatment, limitations, privacy controls, public authority boundaries, public warning boundaries, protected knowledge controls, and correction paths.\
17.7.8(d) Dataset and technical releases shall be reviewed for privacy, re-identification risk, protected knowledge, cybersecurity, export control, sanctions, controlled technology, licensing, IP, SBOM, dependency risk, and public-safe documentation.\
17.7.8(e) The controlling rule shall be that public communication must not create reliance beyond the record.

17.7.9 Board Oversight of Correction, Supersession, Withdrawal, Retraction, Downgrade, Suspension, and Reinstatement.\
17.7.9(a) The Board shall oversee correctionability as a constitutional doctrine of GCRI Canada.\
17.7.9(b) Material evidence, methods, publications, dashboards, maps, datasets, software releases, technical baselines, public claims, Public Authority references, finance references, provider references, sponsor references, Nexus references, and interface records shall be subject to correction, clarification, erratum, reclassification, downgrade, upgrade, suspension, supersession, withdrawal, retraction, retirement, reinstatement, archive, sealing, or deletion where lawful and required.\
17.7.9(c) Correction triggers include factual error, method error, source error, data quality error, model error, AI hallucination, cybersecurity incident, privacy issue, Public Authority misdescription, finance overclaim, recognition overclaim, certification overclaim, protocol overclaim, provider preference, sponsor control, protected knowledge issue, legal issue, public harm, misinterpretation, or unsafe output.\
17.7.9(d) The Board shall ensure that correction records identify affected materials, affected audiences, affected dependencies, correction state, authority, notice, implementation, downstream dependency review, and closeout.\
17.7.9(e) The controlling rule shall be that correction is a governance strength and a Board-protected duty.

17.7.10 Evidence, Methods, Research, and Technical Truth Oversight Records.\
17.7.10(a) GCRI Canada shall maintain Evidence, Methods, Research, and Technical Truth Oversight records under Board oversight.\
17.7.10(b) Records shall include evidence registers, method registers, ontology registers, controlled vocabulary registers, dataset registers, model registers, benchmark records, system cards, model cards, dataset cards, inference records, Truth Engine records, Observatory records, research records, peer-review records, publication records, public-safe review records, correction records, and assurance reports.\
17.7.10(c) Records shall identify owner, custodian, authority, source lineage, classification, access class, handling class, public-safe status, review status, limitations, dependencies, version, correction path, and downstream interfaces where applicable.\
17.7.10(d) Oversight records shall be retained, secured, versioned, and linked to the authoritative repository or relevant register.\
17.7.10(e) The controlling rule shall be that technical truth oversight must itself be traceable, auditable, and correctionable.

### 17.8 Data, AI, Cybersecurity, and Technical Asset Oversight

17.8.1 Board Oversight of Privacy and Data Rights.\
17.8.1(a) The Board shall oversee privacy and data rights as constitutional safeguards and governance obligations.\
17.8.1(b) Privacy and data rights oversight shall include lawful basis, purpose limitation, data minimization, accuracy, storage limitation, access rights, correction rights, deletion rights where applicable, restriction rights where applicable, complaints, grievances, remedies, retention, sealing, deletion, public-safe release, and breach response.\
17.8.1(c) The Board shall ensure that GCRI Canada does not treat Personal Information, Rights-Bearing Data, Public Authority Data, Health-Sensitive Data, Cyber-Sensitive Data, Infrastructure-Sensitive Data, Finance-Sensitive Data, Community-Protected Data, Indigenous knowledge, Local knowledge, Territorial knowledge, Cultural knowledge, Environmental knowledge, or Protected Knowledge as general-purpose institutional fuel.\
17.8.1(d) Material data activities shall be subject to data protection review, rights impact assessment, privacy impact assessment where required or appropriate, public-safe review, and correction paths.\
17.8.1(e) The controlling rule shall be that data stewardship must be rights-respecting, purpose-bound, minimized, protected, and correctionable.

17.8.2 Board Oversight of Rights-Bearing Data and Sovereign Data Zones.\
17.8.2(a) The Board shall oversee Rights-Bearing Data and Sovereign Data Zones.\
17.8.2(b) Rights-Bearing Data means data that may affect human rights, dignity, privacy, safety, access, inclusion, exclusion, reputation, Public Authority treatment, community interests, cultural integrity, protected knowledge, or public trust.\
17.8.2(c) Sovereign Data Zones shall be treated as governance instruments for jurisdictional respect, lawful control, localization, access governance, logging, auditability, segregation, and trust.\
17.8.2(d) The Board shall ensure that rights-bearing and sovereign-sensitive data are not centralized, exported, mirrored, cached, trained on, embedded, retrieved, published, or reused in ways that defeat lawful authority, local context, sovereign expectations, community safeguards, or protected knowledge controls.\
17.8.2(e) The controlling rule shall be that sovereignty and rights are design requirements, not post-release explanations.

17.8.3 Board Oversight of Compute-to-Data, Cross-Border Transfers, and Data Localization.\
17.8.3(a) The Board shall oversee compute-to-data, cross-border transfers, and data localization.\
17.8.3(b) Compute-to-data shall be the preferred default for restricted, sensitive, confidential, controlled-room, clean-room, Public Authority, community-protected, protected knowledge, or sovereign-sensitive data where feasible and appropriate.\
17.8.3(c) Cross-border transfer shall be treated as an exception requiring recorded legal, safeguards, classification, privacy, cybersecurity, conflict-of-law, and public-safe review.\
17.8.3(d) Data localization requirements shall be determined by applicable law, agreements, classification, public authority terms, community safeguards, protected knowledge controls, sovereign expectations, and institutional trust requirements.\
17.8.3(e) The Board shall ensure that emergency transfers, remote access, cloud replication, data-room sharing, AI processing, and technical support do not bypass transfer or localization controls.\
17.8.3(f) The controlling rule shall be that data should move only where lawful, necessary, safeguarded, recorded, and more appropriate than safer alternatives.

17.8.4 Board Oversight of AI Use, Model Governance, Verifiable Compute, Verifiable Intelligence, Inference Records, and Agentic AI.\
17.8.4(a) The Board shall oversee AI use, model governance, verifiable compute, verifiable intelligence, inference records, and agentic AI.\
17.8.4(b) Material AI use shall require authority, purpose, model register entry, dataset or retrieval-source review, data classification, AI-use limits, human review where required, inference records for material outputs, public-safe review where external use is possible, and correction path.\
17.8.4(c) GCRI Canada shall prohibit unauthorized training, fine-tuning, embedding, retrieval, model improvement, prompt upload, or AI processing of restricted, confidential, personal, rights-bearing, Public Authority, health-sensitive, cyber-sensitive, infrastructure-sensitive, finance-sensitive, community-protected, or protected knowledge materials.\
17.8.4(d) Verifiable compute and verifiable intelligence shall require appropriate logs, attestations, provenance, benchmarks, controls, audits, proof references, custody, limitations, and correction pathways.\
17.8.4(e) Agentic AI shall not execute institutional, public authority, financial, procurement, emergency, legal, publication, access, or technical-release actions without recorded authority, human accountability, access controls, logs, and review gates appropriate to risk.\
17.8.4(f) The controlling rule shall be that AI may assist evidence and methods but shall not become authority, execution, or institutional truth by default.

17.8.5 Board Oversight of Cybersecurity, Secure Collaboration, Controlled Rooms, Clean Rooms, Repositories, Secure Release, Incident Response, and Breach Handling.\
17.8.5(a) The Board shall oversee cybersecurity, secure collaboration, controlled rooms, clean rooms, repositories, secure release, incident response, and breach handling.\
17.8.5(b) Cybersecurity oversight shall include identity and access, authentication, multi-factor authentication where required, privileged access, secrets management, key management, secure collaboration, logging, vulnerability management, patch management, repository security, supply-chain security, backup, disaster recovery, incident preparedness, and third-party security.\
17.8.5(c) Controlled rooms and clean rooms shall be governed by purpose, role classification, access criteria, confidentiality, AI-use restrictions, data minimization, output review, copy controls, logging, public claims limits, and closeout.\
17.8.5(d) Secure release shall require security review, privacy review, data review, export-control review where applicable, sanctions review where applicable, SBOM, signing, hashing, release notes, known issues, security status, public-safe documentation, and correction path.\
17.8.5(e) Breach handling shall include containment, preservation, investigation, impact assessment, notification where required or appropriate, remediation, correction, withdrawal, access revocation, lessons learned, and Board or committee reporting where material.\
17.8.5(f) The controlling rule shall be that technical systems are governance surfaces and must be secured as such.

17.8.6 Board Oversight of Public-Good Software, Open Technical Baselines, Reference Architectures, IP, Licensing, Anti-Enclosure, and Secure Release.\
17.8.6(a) The Board shall oversee public-good software, Open Technical Baselines, reference architectures, IP, licensing, anti-enclosure, and secure release.\
17.8.6(b) Public-good software and Open Technical Baselines shall be maintained as public-benefit technical assets whose value depends on integrity, reviewability, versioning, portability, lawful openness, public-safe release, and correctionability.\
17.8.6(c) IP and licensing terms shall preserve public-good reuse, contributor rights, attribution accuracy, moral rights treatment where applicable, license compatibility, security, privacy, export-control compliance, protected knowledge safeguards, and anti-enclosure.\
17.8.6(d) The Board shall ensure that no sponsor, provider, contributor, maintainer, vendor, host, funder, National Company, Project SPV, or private actor obtains hidden control, proprietary gatekeeping, exclusive constitutional leverage, or market allocation through technical assets.\
17.8.6(e) The controlling rule shall be that public-good technical assets may be governed and secured without becoming privately enclosed.

17.8.7 Board Oversight of Technical Asset Maintenance, Continuity, and Sustainability.\
17.8.7(a) The Board shall oversee technical asset maintenance, continuity, and sustainability.\
17.8.7(b) Material technical assets shall have owner, custodian, maintainer, repository, version, license, dependency inventory, security status, release state, support status, public-safe status, known issues, correction path, retirement plan, and continuity plan where appropriate.\
17.8.7(c) Technical asset continuity shall address key-person risk, maintainer succession, platform dependency, vendor dependency, cloud dependency, repository dependency, funding dependency, documentation sufficiency, backup, migration, archive, and exit readiness.\
17.8.7(d) Sustainability shall not justify proprietary enclosure, sponsor control, provider preference, access-for-money, or technical debt that undermines public trust.\
17.8.7(e) The controlling rule shall be that public-good technical assets require stewardship beyond launch.

17.8.8 Board Oversight of Third-Party, Vendor, Provider, Cloud, AI, Repository, and Subprocessor Risk.\
17.8.8(a) The Board shall oversee third-party, vendor, provider, cloud, AI, repository, and subprocessor risk for material systems and relationships.\
17.8.8(b) Third-party review shall assess security, privacy, data residency, AI-use terms, model-training restrictions, confidentiality, breach notice, deletion, audit rights, subprocessor limits, export controls, sanctions, IP, availability, interoperability, exit rights, and continuity.\
17.8.8(c) No third party shall use GCRI Canada data, materials, prompts, embeddings, repositories, outputs, or technical assets for model training, product improvement, marketing, secondary use, or resale without recorded authority and lawful basis.\
17.8.8(d) Third-party dependency shall not create sponsor control, provider capture, vendor lock-in, hidden data transfer, uncontrolled replication, or inability to correct, retrieve, delete, migrate, or archive records.\
17.8.8(e) The controlling rule shall be that outsourcing technical function shall not outsource fiduciary responsibility.

17.8.9 Board Oversight of High-Risk Technical Domains and Controlled Technology.\
17.8.9(a) The Board shall oversee high-risk technical domains and controlled technology.\
17.8.9(b) High-risk technical domains may include artificial intelligence, agentic AI, AI-RAN, O-RAN, private wireless, telecommunications, sovereign compute, high-performance computing, confidential computing, verifiable compute, blockchain, distributed ledger technology, DePIN, cybersecurity, cyber-physical systems, operational technology, critical infrastructure, robotics, drones, autonomous systems, geospatial systems, satellite systems, digital twins, biosecurity, health-sensitive systems, energy systems, semiconductors, advanced manufacturing, supply chains, quantum-relevant systems, and other controlled or mission-critical technologies.\
17.8.9(c) Controlled technology review shall consider export controls, sanctions, dual-use risk, cybersecurity, public safety, Public Authority sensitivity, infrastructure sensitivity, protected knowledge, misuse risk, public-safe publication, secure release, access controls, and legal review where required.\
17.8.9(d) The Board shall ensure that technical ambition does not outrun safeguards, lawful authority, publication controls, repository security, or correctionability.\
17.8.9(e) The controlling rule shall be that high-risk technical domains require stronger governance before broader exposure.

17.8.10 Data, AI, Cybersecurity, and Technical Asset Oversight Records.\
17.8.10(a) GCRI Canada shall maintain Data, AI, Cybersecurity, and Technical Asset Oversight records under Board oversight.\
17.8.10(b) Records shall include data inventories, processing registers, data-sharing registers, Public Authority Data registers, Sovereign Data Zone registers, cross-border transfer registers, AI-use registers, model registers, inference records, cybersecurity registers, asset registers, system registers, access registers, key and secret registers, repository registers, SBOM registers, vulnerability registers, incident registers, breach registers, secure release registers, third-party registers, and continuity records.\
17.8.10(c) Records shall identify owner, custodian, authority, classification, access class, handling class, public-safe status, legal basis or approval basis, retention, transfer limits, AI-use limits, cybersecurity controls, dependencies, incidents, correction path, and closeout.\
17.8.10(d) Material findings shall be reported to the Board or appropriate committee with corrective action plans, risk status, owner, deadline, residual risk, and assurance schedule.\
17.8.10(e) The controlling rule shall be that technical oversight must be visible in records before it can be trusted.

### 17.9 Public Authority, Community Safeguards, and Public Trust Oversight

17.9.1 Board Oversight of Public Authority Learning and Government Interfaces.\
17.9.1(a) The Board shall oversee Public Authority learning and government interfaces.\
17.9.1(b) Public Authority learning shall support evidence literacy, technical literacy, AI literacy, cyber literacy, data governance literacy, public-safe claims literacy, observability interpretation, Truth Engine interpretation, scenario learning, simulation learning, tabletop learning, and after-action learning.\
17.9.1(c) Public Authority learning shall not constitute regulatory guidance, public procurement advice, public finance approval, official public warning, emergency command, public adoption, public-private partnership, sovereign obligation, funding approval, or delegated Public Authority action by GCRI Canada.\
17.9.1(d) Government interfaces shall be capacity-classified, reference-approved, data-controlled, public-safe, non-endorsing, non-delegating, and correctionable.\
17.9.1(e) The controlling rule shall be that GCRI Canada may support Public Authority learning without becoming a Public Authority.

17.9.2 Board Oversight of Capacity Classification and Non-Endorsement.\
17.9.2(a) The Board shall oversee capacity classification and non-endorsement controls for Public Authority participation.\
17.9.2(b) Capacity classification shall distinguish official capacity, observer status, regulator-listening status, public finance reader status, emergency-management participant status, public health participant status, public infrastructure operator status, Indigenous government participation, personal capacity, non-attributable participation, data-provider status, and other relevant capacities.\
17.9.2(c) Public Authority names, logos, titles, agency names, jurisdictions, photos, quotes, attendance, and data contributions shall require reference approval before public use where risk exists.\
17.9.2(d) Public Authority participation shall not imply endorsement, adoption, regulation, procurement approval, funding approval, public finance approval, public warning, emergency command, public-private partnership, public adoption, or sovereign obligation.\
17.9.2(e) The controlling rule shall be that Public Authority proximity must be classified before it is described.

17.9.3 Board Oversight of Public Warning, Emergency Command, Regulatory, Procurement, Funding, and Public Finance Boundaries.\
17.9.3(a) The Board shall oversee public warning, emergency command, regulatory, procurement, funding, and public finance boundaries.\
17.9.3(b) GCRI Canada shall not issue official public warnings, command emergencies, regulate, procure, approve funding, approve public finance, approve grants, approve MDB or DFI finance, issue public guarantees, create sovereign obligations, or substitute for competent Public Authorities.\
17.9.3(c) Dashboards, maps, Observatory outputs, Truth Engine outputs, public authority learning materials, public-safe reports, technical baselines, scenarios, simulations, public authority rooms, and evidence packs shall contain appropriate boundary language where Public Authority confusion risk exists.\
17.9.3(d) Boundary breaches shall require immediate hold, correction, withdrawal, clarification, public-safe notice, controlled notice, Public Authority coordination, legal review, or Board escalation.\
17.9.3(e) The controlling rule shall be that public authority meaning shall arise only from competent Public Authority action, not from GCRI Canada materials.

17.9.4 Board Oversight of Indigenous, Community, Local, Territorial, Cultural, Environmental, and Protected Knowledge Safeguards.\
17.9.4(a) The Board shall oversee Indigenous, community, local, territorial, cultural, environmental, and Protected Knowledge safeguards.\
17.9.4(b) Such safeguards shall apply to knowledge, data, testimony, maps, locations, cultural sites, environmental knowledge, community context, territorial knowledge, public-safe summaries, AI outputs, datasets, dashboards, repositories, publications, and media materials.\
17.9.4(c) GCRI Canada shall not extract, map, model, publish, train on, embed, retrieve, commercialize, disclose, or reuse protected knowledge beyond recorded authority, consent or non-consent conditions where applicable, community safeguards, access controls, public-safe review, and correction paths.\
17.9.4(d) The Board shall ensure that vulnerable communities, remote communities, protected persons, confidential sources, whistleblowers, youth where applicable, and persons in sensitive roles are protected against exposure, retaliation, coercion, misattribution, and dignity harm.\
17.9.4(e) The controlling rule shall be that protected participation is not data acquisition.

17.9.5 Board Oversight of Participation, Grievance, Remedy, Non-Retaliation, and Accessibility.\
17.9.5(a) The Board shall oversee participation, grievance, remedy, non-retaliation, and accessibility.\
17.9.5(b) Participation pathways shall be role-classified, safeguard-aware, accessible where required or appropriate, non-extractive, non-coercive, and correctionable.\
17.9.5(c) Grievance and remedy pathways shall permit good-faith concerns, dissent, safeguards objections, public claims concerns, data concerns, AI concerns, cybersecurity concerns, protected knowledge concerns, Public Authority concerns, finance-boundary concerns, procurement-boundary concerns, and correction requests to be raised without retaliation.\
17.9.5(d) Accessibility shall support meaningful participation, public-safe understanding, governance legibility, and procedural fairness without diluting operative legal meaning.\
17.9.5(e) The controlling rule shall be that public trust requires safe participation, real grievance pathways, and correctionable remedies.

17.9.6 Board Oversight of Public-Safe Mapping and Sensitive Location Controls.\
17.9.6(a) The Board shall oversee public-safe mapping and sensitive location controls.\
17.9.6(b) Maps and geospatial outputs shall be treated as evidence visualizations, not official hazard notices, public warnings, public authority decisions, or execution instructions by default.\
17.9.6(c) Public-safe mapping review shall address infrastructure-sensitive locations, cultural sites, Indigenous knowledge, Local knowledge, Territorial knowledge, Environmental knowledge, Protected Knowledge, vulnerable communities, protected persons, group harm, resolution, precision, timing, source lineage, confidence, uncertainty, limitations, legends, update status, and correction path.\
17.9.6(d) GCRI Canada shall avoid harmful over-precision, exposure of sensitive sites, map-based targeting, re-identification, or publication of protected locations where public-safe transformation is insufficient.\
17.9.6(e) The controlling rule shall be that mapping must make risk legible without making people, places, or systems vulnerable.

17.9.7 Board Oversight of Media, Public Claims, Impact Claims, and Public Communications.\
17.9.7(a) The Board shall oversee governance of media, public claims, impact claims, and public communications.\
17.9.7(b) Public claims shall require supporting records, controlled vocabulary, publication authority, public-safe status, source authority, limitations, conflicts, sponsor and provider role disclosure where material, Public Authority reference approval where applicable, and correction path.\
17.9.7(c) Impact claims shall require evidence, attribution discipline, counterfactual caution, stage truth, limitation awareness, sponsor amplification controls, narrative acceleration controls, and correctionability.\
17.9.7(d) Media statements, social media statements, speeches, websites, panels, interviews, podcasts, op-eds, press releases, and public comments shall preserve personal-capacity versus institutional-capacity distinctions and shall not create unauthorized Public Authority, finance, recognition, certification, provider, sponsor, Nexus-compatible, or execution claims.\
17.9.7(e) The controlling rule shall be that public communications must be accurate by record and restrained by boundary.

17.9.8 Board Oversight of Misdescription, Overclaim, Harm, and Public Trust Risk.\
17.9.8(a) The Board shall oversee misdescription, overclaim, harm, and public trust risk.\
17.9.8(b) Misdescription includes inaccurate or misleading description of GCRI Canada’s role, Public Authority participation, sponsor role, provider role, GRF role, GRA role, Protocol Authority role, Nexus role, National Company role, Project SPV role, technical asset status, maturity status, public-safe status, evidence basis, or correction state.\
17.9.8(c) Overclaim includes claims of endorsement, adoption, recognition, finance-readiness, certification, approval, public warning, emergency command, procurement advantage, provider preference, sponsor validation, public authority effect, protocol effect, Nexus compatibility, or execution authority beyond proper records.\
17.9.8(d) Harm risk includes privacy harm, dignity harm, community harm, protected knowledge harm, public authority confusion, finance harm, procurement distortion, cybersecurity harm, misinformation, unsafe reliance, public warning confusion, and institutional trust erosion.\
17.9.8(e) The Board shall ensure that misdescription, overclaim, or harm risk triggers correction, clarification, withdrawal, retraction, controlled notice, public-safe notice, access restriction, or relationship review as appropriate.\
17.9.8(f) The controlling rule shall be that public trust is protected by correcting misunderstanding before it becomes reliance.

17.9.9 Board Oversight of Public-Safe Transparency and Lawful Protection.\
17.9.9(a) The Board shall oversee public-safe transparency and lawful protection.\
17.9.9(b) Transparency shall be treated as a public-good value bounded by law, safety, privacy, cybersecurity, Public Authority duties, protected knowledge, confidentiality, IP, competition, legal privilege, and public harm prevention.\
17.9.9(c) GCRI Canada may provide public-safe transparency reports, annual public-safe reports, Gazette notices, public-safe technical baseline summaries, public-safe correction summaries, public-safe publication registers, and other controlled disclosures where appropriate.\
17.9.9(d) Transparency shall not require uncontrolled disclosure, exposure of sensitive materials, publication of protected knowledge, release of cyber-sensitive information, disclosure of personal information, or disclosure of Public Authority sensitive data.\
17.9.9(e) The controlling rule shall be that transparency must make the institution accountable without making protected persons, data, places, systems, or lawful obligations unsafe.

17.9.10 Public Authority, Safeguards, and Public Trust Oversight Records.\
17.9.10(a) GCRI Canada shall maintain Public Authority, Safeguards, and Public Trust Oversight records under Board oversight.\
17.9.10(b) Records shall include Public Authority participation registers, capacity classification records, Public Authority reference approvals, Public Authority Data records, public authority learning records, safeguard records, protected knowledge records, community participation records, grievance records, remedy records, non-retaliation records, accessibility records, public-safe mapping records, media records, public claims records, impact claims records, correction records, and assurance reports.\
17.9.10(c) Records shall identify owner, custodian, authority, scope, classification, access class, handling class, public-safe status, affected persons or communities where appropriate, Public Authority status, consent or non-consent conditions where applicable, limitations, correction path, and closeout.\
17.9.10(d) Material findings shall be reported to the Board or appropriate committee with corrective action, responsible owner, deadline, residual risk, and recurrence-prevention measures.\
17.9.10(e) The controlling rule shall be that public trust oversight must be recorded because public trust cannot be protected by assertion alone.

### 17.10 Board Composition Principles

17.10.1 Board Composition Shall Support Public-Benefit Governance, Technical Systemic, Legal Compliance, Independence, and Public Trust.\
17.10.1(a) Board composition shall support public-benefit governance, technical systemic competence, legal compliance, independence, institutional continuity, public trust, and mission lock.\
17.10.1(b) The Board shall collectively possess or have reliable access to the skills, judgment, experience, independence, public-benefit perspective, safeguards awareness, and technical literacy necessary to govern GCRI Canada as a Canadian nonprofit, non-share, non-distributing, public-benefit, non-executing evidence-and-methods institution.\
17.10.1(c) Board composition shall not be designed primarily for fundraising optics, sponsor satisfaction, public authority appearance, provider visibility, founder control, media profile, technical prestige, or capital-reader confidence.\
17.10.1(d) The Board shall be capable of understanding and overseeing the corporation’s legal, institutional, technical, data, AI, cybersecurity, Public Authority, finance-boundary, community-safeguard, research-integrity, and Nexus-interface obligations.\
17.10.1(e) The controlling rule shall be that Board composition must fit the institution’s constitutional burden.

17.10.2 Directors Should Collectively Provide Competence in Canadian Nonprofit Governance, Public-Benefit Strategy, Law, Risk, Research, Evidence, AI, Cybersecurity, Data Governance, Public Authority Boundaries, Finance Boundaries, Community Safeguards, Technology, Infrastructure, and Institutional Development.\
17.10.2(a) Directors should collectively provide competence in Canadian nonprofit governance, corporate governance, public-benefit strategy, fiduciary duty, legal compliance, risk governance, research integrity, evidence governance, methods stewardship, public-safe publication, controlled vocabulary, AI governance, cybersecurity, data governance, privacy, Public Authority boundaries, finance boundaries, procurement neutrality, community safeguards, protected knowledge, technology governance, infrastructure systems, and institutional development.\
17.10.2(b) The Board may satisfy collective competence through directors, officers, committees, advisors, independent experts, counsel, technical reviewers, safeguards reviewers, or other properly recorded competence surfaces, provided that Board accountability remains with the Board.\
17.10.2(c) Competence shall include the ability to ask informed questions, understand risk signals, recognize boundary drift, evaluate records, assess evidence sufficiency, require correction, and resist capture.\
17.10.2(d) The Board shall not treat nominal expertise, public status, institutional title, or sponsor affiliation as a substitute for relevant governance competence.\
17.10.2(e) The controlling rule shall be that Board competence must be operational enough to support oversight, not decorative.

17.10.3 Directors Should Include or Have Access to Competence in AI, AI-RAN, O-RAN, DePIN, Sovereign Compute, Cyber, Sensors, Digital Twins, Geospatial Systems, Climate, WEFH, Biosecurity, Energy, Supply Chains, and Mission-Critical Infrastructure.\
17.10.3(a) Directors should include or have access to competence in exponential and mission-critical technologies relevant to GCRI Canada’s mandate.\
17.10.3(b) Such competence may include artificial intelligence, agentic AI, AI assurance, AI safety, model governance, AI-RAN, O-RAN, private wireless, telecommunications, DePIN, sovereign compute, edge compute, cloud compute, high-performance computing, confidential computing, verifiable compute, verifiable intelligence, cybersecurity, cyber-physical systems, sensors, digital twins, simulation systems, geospatial systems, Earth observation, satellite systems, climate systems, nature systems, WEFH systems, biosecurity, health-sensitive systems, energy systems, semiconductors, advanced manufacturing, supply chains, robotics, drones, space systems, quantum-relevant systems, and mission-critical infrastructure.\
17.10.3(c) Technical competence shall support Board oversight of evidence, methods, public-good software, technical baselines, secure release, controlled technology, data risk, AI risk, cybersecurity risk, public-safe publication, and non-execution.\
17.10.3(d) Technical competence shall not be allowed to dominate the Board in a manner that weakens public-benefit governance, legal compliance, safeguards, community participation, privacy, or role separation.\
17.10.3(e) The controlling rule shall be that the Board must be technically literate enough to govern technical truth without becoming a technical operator.

17.10.4 Directors Should Include or Have Access to Canadian Federal, Provincial, Territorial, Indigenous, Local, Public Authority, Privacy, Research Ethics, Tax, Corporate, and Accessibility Contexts.\
17.10.4(a) Directors should include or have access to competence in Canadian federal, provincial, territorial, Indigenous, local, Public Authority, privacy, research ethics, tax, corporate, employment, accessibility, nonprofit, data protection, cybersecurity, public procurement, public finance, and community-safeguards contexts.\
17.10.4(b) Such competence shall support GCRI Canada’s Canadian legal seat, Canada-specific public-benefit posture, bilingual or accessibility obligations where applicable, Public Authority learning, Indigenous knowledge safeguards, local knowledge safeguards, sovereign data controls, and cross-border legal respect.\
17.10.4(c) The Board shall ensure that global Nexus alignment does not obscure Canadian legal obligations, Canadian public-benefit character, Canadian corporate governance, or Canada-specific safeguards.\
17.10.4(d) Where the Board lacks sufficient direct competence in a matter, it shall seek qualified advice, independent review, counsel, safeguards input, or external expertise before material action.\
17.10.4(e) The controlling rule shall be that Canadian institutional context must remain visible in Board composition and advice.

17.10.5 Directors Should Preserve Sufficient Independence From Sponsors, Providers, Vendors, National Companies, Project SPVs, Public Authorities, Capital Actors, and Major Funders.\
17.10.5(a) Directors should preserve sufficient independence from sponsors, donors, funders, grantors, providers, vendors, contractors, National Companies, Project SPVs, Public Authorities, capital actors, major funders, founders, hosts, and other actors capable of influencing institutional direction.\
17.10.5(b) Independence shall be assessed by financial relationships, employment, board roles, advisory roles, consulting roles, equity interests, debt interests, token interests, vendor relationships, sponsor relationships, provider relationships, Public Authority roles, capital-reader roles, family relationships, institutional affiliations, technical dependency, and public claims interests.\
17.10.5(c) The Board may include persons with relevant institutional experience, but shall manage conflicts, recusals, influence aggregation, access restrictions, and role boundaries to preserve independent judgment.\
17.10.5(d) The Board shall avoid composition patterns that allow any sponsor, provider, funder, Public Authority, National Company, Project SPV, founder group, capital actor, or technical faction to control or appear to control GCRI Canada.\
17.10.5(e) The controlling rule shall be that independence must be sufficient in fact and credible in appearance.

17.10.6 Board Composition Should Reflect Diversity of Skills, Geography, Disciplines, Lived Experience, Public-Benefit Perspective, and Safeguards Awareness.\
17.10.6(a) Board composition should reflect diversity of skills, geography, disciplines, lived experience, public-benefit perspective, safeguards awareness, technical literacy, legal judgment, community understanding, institutional development experience, and systems-risk understanding.\
17.10.6(b) Diversity shall support better oversight of complex risk, public trust, rights-bearing data, protected knowledge, Public Authority interfaces, community safeguards, technical systems, and cross-jurisdictional alignment.\
17.10.6(c) Board composition should avoid narrow capture by a single profession, sector, geography, technology domain, sponsor class, provider class, public authority class, academic discipline, founder group, or capital perspective.\
17.10.6(d) Diversity shall be implemented through meaningful participation, role clarity, respect, access to information, training, and authority to challenge, not through symbolic appointment alone.\
17.10.6(e) The controlling rule shall be that diverse composition is a governance quality control, not a branding exercise.

17.10.7 Board Composition Should Avoid Tokenism, Capture, Founder Overconcentration, Sponsor Overrepresentation, Provider Overrepresentation, Public Authority Confusion, and Capital Overinfluence.\
17.10.7(a) Board composition should avoid tokenism, capture, founder overconcentration, sponsor overrepresentation, provider overrepresentation, Public Authority confusion, capital overinfluence, technical monoculture, academic dominance, media overvisibility, and stakeholder imbalance.\
17.10.7(b) Tokenism includes appointing persons for representational optics without meaningful access, respect, authority to challenge, information, preparation, support, or safeguards.\
17.10.7(c) Founder overconcentration includes arrangements that allow founders or founder-aligned persons to dominate Board judgment beyond lawful and mission-compatible continuity needs.\
17.10.7(d) Sponsor, provider, Public Authority, and capital overrepresentation includes Board composition that could reasonably create the appearance that GCRI Canada’s evidence, methods, publications, Public Authority access, finance-facing materials, technical baselines, or correction decisions are controlled by external interests.\
17.10.7(e) The controlling rule shall be that composition must protect independence and trust as much as it supplies expertise.

17.10.8 Board Composition Should Support Continuity and Renewal.\
17.10.8(a) Board composition should support continuity and renewal.\
17.10.8(b) Continuity requires institutional memory, mission understanding, record familiarity, technical and legal context, relationship awareness, and understanding of correction history.\
17.10.8(c) Renewal requires periodic refreshment of skills, independence, perspectives, safeguards awareness, technology understanding, community legitimacy, and public-benefit judgment.\
17.10.8(d) The Board shall avoid both excessive churn that weakens institutional memory and excessive entrenchment that creates founder dependence, stale oversight, capture, or resistance to correction.\
17.10.8(e) Succession planning shall identify anticipated skill gaps, term expiries, independence risks, committee needs, jurisdictional needs, safeguards needs, and continuity needs.\
17.10.8(f) The controlling rule shall be that Board composition must preserve both institutional memory and correction-capable renewal.

17.10.9 Board Composition Shall Be Evaluated Periodically.\
17.10.9(a) Board composition shall be evaluated periodically.\
17.10.9(b) Evaluation shall assess skills, independence, conflicts, attendance, participation, preparedness, fiduciary understanding, mission-lock understanding, public-benefit understanding, technical literacy, legal literacy, safeguards awareness, data and cybersecurity awareness, Public Authority boundary awareness, finance-boundary awareness, provider-neutrality awareness, sponsor-non-control awareness, and correctionability discipline.\
17.10.9(c) Evaluation may include a skills matrix, independence review, conflict review, Board self-assessment, committee assessment, external assessment, training review, succession review, and governance assurance.\
17.10.9(d) Findings may require recruitment, training, role changes, committee redesign, independence safeguards, conflict mitigation, succession planning, Board expansion where lawful, or Board refreshment.\
17.10.9(e) The controlling rule shall be that Board composition must be periodically tested against the institution’s evolving governance burden.

17.10.10 Board Composition Records and Skills Matrix.\
17.10.10(a) GCRI Canada shall maintain Board Composition records and a Board skills matrix.\
17.10.10(b) Records shall identify directors, terms, roles, committee assignments, independence status, conflicts, disclosures, recusals, competencies, training, attendance, jurisdictional experience, safeguards experience, technical competence, legal competence, financial literacy, public authority experience, community experience, and succession considerations.\
17.10.10(c) The skills matrix shall identify required, present, missing, emerging, and priority competencies for Board oversight of mission lock, non-execution, public-benefit governance, data, AI, cybersecurity, research, evidence, public-safe publication, Public Authority boundaries, finance boundaries, provider neutrality, sponsor non-control, protected knowledge, and Nexus role separation.\
17.10.10(d) Board Composition records shall be classified, retained, reviewed, and corrected according to privacy, confidentiality, legal, governance, and public-safe requirements.\
17.10.10(e) The controlling rule shall be that Board composition must be evidenced by records because governance capacity cannot be assumed from titles.

### 17.11 Director Eligibility, Qualification, and Disqualification Principles

17.11.1 Director Eligibility Shall Comply With Applicable Law, Articles, Bylaw, and Board-Approved Governance Procedures.\
17.11.1(a) Director eligibility shall comply with applicable law, the articles, the Bylaw, this Charter, Board-approved governance procedures, conflict rules, independence rules, qualification rules, and any additional lawful eligibility requirements adopted by GCRI Canada.

17.11.1(b) No person shall be appointed, elected, continued, or publicly described as a Director unless the person satisfies applicable legal eligibility requirements and has been reviewed through the director eligibility process proportionate to role, risk, authority, access, conflicts, public visibility, and institutional significance.

17.11.1(c) Eligibility review shall not be treated as a ceremonial appointment step. It shall be a governance safeguard to ensure that Directors are capable of stewarding GCRI Canada’s Canadian public-benefit, nonprofit, non-share, non-distributing, non-executing, evidence-and-methods, public-good technical institution character.

17.11.1(d) Director eligibility shall be assessed before appointment, upon renewal or reappointment where applicable, upon material change in circumstances, and whenever credible information arises indicating legal ineligibility, unmanaged conflict, loss of independence, conduct concern, public trust risk, or mission-fit concern.

17.11.1(e) The controlling rule shall be that Director status must be lawful, records-valid, mission-compatible, conflict-reviewed, and capable of supporting public trust.

***

17.11.2 Directors Shall Be Capable of Exercising Independent Judgment.\
17.11.2(a) Each Director shall be capable of exercising independent judgment in the best interests of GCRI Canada, informed by the corporation’s public-benefit purpose, mission lock, non-execution, public-good stewardship, legal separateness, safeguards, records discipline, and Nexus role separation.

17.11.2(b) A Director shall not be considered qualified merely because of title, prominence, financial support, technical expertise, public office, sponsor relationship, provider relationship, academic status, media visibility, capital access, founder proximity, or Nexus proximity.

17.11.2(c) Independent judgment shall require the ability to question management, founders, officers, committees, sponsors, donors, funders, providers, hosts, Public Authorities, capital readers, National Companies, Project SPVs, Nexus entities, advisors, and technical contributors where mission, law, public trust, evidence integrity, data rights, cybersecurity, protected knowledge, or boundary discipline is implicated.

17.11.2(d) A Director shall have sufficient time, attention, integrity, literacy, and willingness to review Board materials, understand material risk, disclose conflicts, recuse where required, challenge overclaim, require correction, and act despite external pressure.

17.11.2(e) The controlling rule shall be that Directors must be able to govern independently, not merely lend legitimacy.

***

17.11.3 Directors Shall Accept Mission Lock, Non-Execution, Public-Good Stack Alignment, Validity-by-Record, Correctionability, Public Authority Boundaries, Finance Boundaries, Provider Neutrality, Sponsor Non-Control, and Public-Safe Claims Discipline.\
17.11.3(a) Each Director shall accept and be willing to uphold GCRI Canada’s mission lock, non-execution, Public-Good Stack alignment, One Rail / Two Stacks discipline, Public-Good Firewall, validity-by-record, correctionability, public-safe publication, controlled vocabulary, and institutional role separation.

17.11.3(b) Each Director shall accept that GCRI Canada does not, by default, regulate, procure, approve funding, issue public warnings, command emergencies, certify technologies, provide investment advice, solicit securities, broker transactions, underwrite insurance, rate credit, guarantee outcomes, operate market infrastructure, operate National Companies, control Project SPVs, or execute downstream activity.

17.11.3(c) Each Director shall accept that GCRI Canada’s work may support The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Public Authorities, Nexus entities, National Companies, Project SPVs, universities, communities, providers, sponsors, and capital readers only through proper records, proper scope, proper role separation, and proper boundary language.

17.11.3(d) A person unwilling or unable to preserve Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, community safeguards, Indigenous and protected knowledge safeguards, privacy, cybersecurity, public-safe claims discipline, and correctionability shall not be qualified to serve.

17.11.3(e) The controlling rule shall be that Board service requires constitutional acceptance of what GCRI Canada is and what it must not become.

***

17.11.4 Directors Shall Disclose Conflicts Before Appointment and During Service.\
17.11.4(a) Each prospective Director shall disclose actual, potential, perceived, financial, institutional, professional, personal, research, data, AI, cybersecurity, IP, technical, sponsor, donor, funder, provider, host, Public Authority, university, capital-reader, National Company, Project SPV, media, community, or Nexus-interface conflicts before appointment.

17.11.4(b) Each Director shall update conflict disclosures promptly during service whenever circumstances change, new interests arise, affiliations change, financial interests change, Public Authority roles change, provider or sponsor relationships arise, National Company or Project SPV involvement arises, or a reasonable person could question the Director’s independence.

17.11.4(c) Conflict disclosure shall identify the nature of the interest, affected entities, affected matters, financial or non-financial value where relevant, duration, relationship, affected Board decisions, proposed mitigation, and any required recusal or access restriction.

17.11.4(d) Failure to disclose conflicts may constitute grounds for mitigation, recusal, access restriction, Board action, suspension, removal where lawful, public-safe clarification, or other corrective action.

17.11.4(e) The controlling rule shall be that Director independence cannot be protected unless conflicts are disclosed before authority is exercised.

***

17.11.5 Disqualification May Arise From Legal Ineligibility, Unmanaged Conflict, Sanctions or Restricted-Party Risk, Systemic Misconduct, Fraud, Harassment, Retaliation, Data Misuse, Cyber Misuse, Public Authority Misuse, Finance Overclaim, Provider Capture, Sponsor Capture, or Conduct Inconsistent With Public-Benefit Purpose.\
17.11.5(a) A person may be disqualified from Director service, or may become subject to suspension or removal where lawful, because of legal ineligibility, incapacity under applicable law, disqualifying status under the articles or Bylaw, unmanaged conflict, loss of independence, restricted-party risk, sanctions risk, export-control risk, fraud, misrepresentation, serious misconduct, harassment, discrimination, retaliation, coercion, exploitation, breach of fiduciary duty, breach of confidentiality, data misuse, AI misuse, cybersecurity misuse, IP misuse, or protected knowledge misuse.

17.11.5(b) Disqualification may also arise from Public Authority misuse, finance overclaim, procurement overclaim, provider capture, sponsor capture, outcome purchase, public authority access purchase, publication suppression, correction suppression, public claims misuse, certification overclaim, recognition overclaim, protocol overclaim, Nexus-compatible overclaim, or execution overclaim.

17.11.5(c) Conduct inconsistent with public-benefit purpose includes conduct that materially undermines mission lock, non-execution, public-good stack alignment, legal separateness, privacy, cybersecurity, community safeguards, protected knowledge, public-safe publication, correctionability, provider neutrality, sponsor non-control, or public trust.

17.11.5(d) Disqualification review shall be proportionate, legally informed, records-valid, confidentiality-aware, conflict-managed, and fair where applicable, while allowing immediate protective action where required.

17.11.5(e) The controlling rule shall be that Director eligibility depends on lawful capacity and public-benefit trustworthiness.

***

17.11.6 Director Eligibility Review Shall Include Role, Conflict, Independence, Reputation, Legal, and Mission-Fit Review.\
17.11.6(a) Director eligibility review shall include role review, conflict review, independence review, reputation review, legal review where appropriate, sanctions or restricted-party review where appropriate, mission-fit review, public-benefit review, and public trust review.

17.11.6(b) Role review shall assess the proposed Director’s expected contribution, committee role, fiduciary burden, access to sensitive materials, public-facing role, Public Authority exposure, finance exposure, technical exposure, protected knowledge exposure, and Nexus-interface exposure.

17.11.6(c) Independence review shall assess financial ties, employment ties, advisory roles, board roles, consulting relationships, sponsor or provider relationships, Public Authority roles, capital-reader roles, National Company or Project SPV interests, family relationships, founder proximity, and other influence channels.

17.11.6(d) Mission-fit review shall assess whether the person understands and accepts GCRI Canada’s non-executing, public-good, evidence-and-methods, public-safe, correctionable, role-separated function.

17.11.6(e) The controlling rule shall be that Director eligibility review must test capacity to steward this institution, not only legal ability to hold office.

***

17.11.7 Director Requalification May Be Required Where Circumstances Change.\
17.11.7(a) Director requalification may be required where a Director’s circumstances materially change or where new information raises legal, independence, conflict, reputation, access, public trust, mission-fit, or boundary concerns.

17.11.7(b) Requalification triggers may include new employment, new board role, new advisory role, new financial interest, sponsor relationship, provider relationship, Public Authority role, capital-reader relationship, National Company role, Project SPV role, legal proceeding, sanctions concern, misconduct allegation, data incident, cybersecurity incident, public claims issue, media controversy, or repeated failure to perform Director duties.

17.11.7(c) Requalification may require updated disclosures, independent review, legal review, recusal, access restriction, committee reassignment, training, monitoring, suspension where lawful, or removal where required by law or Bylaw.

17.11.7(d) A Director shall cooperate with requalification review and shall not participate in affected matters while material unresolved eligibility, conflict, or independence concerns remain, unless participation is legally required and properly controlled.

17.11.7(e) The controlling rule shall be that Director qualification is continuing, not fixed at appointment.

***

17.11.8 Director Suspension or Removal Shall Follow Applicable Law and Bylaw.\
17.11.8(a) Director suspension, removal, resignation, disqualification, replacement, or restriction shall follow applicable law, the articles, the Bylaw, lawful Board procedures, member rights where applicable, conflict rules, records rules, and fair process where applicable.

17.11.8(b) Nothing in this Charter shall be read to create a suspension or removal power inconsistent with mandatory law, corporate procedure, or the Bylaw.

17.11.8(c) Where urgent risk exists, GCRI Canada may take lawful interim protective measures, including recusal, access restriction, committee reassignment, information restriction, public reference suspension, room access restriction, or other measures that do not unlawfully remove the Director before proper procedure.

17.11.8(d) Removal or suspension records shall identify authority, procedure, grounds, conflicts, decision-maker, affected rights, interim measures, notices, effective date, continuing obligations, public-safe status, correction path, and closeout.

17.11.8(e) The controlling rule shall be that Director discipline must protect mission and law at the same time.

***

17.11.9 Director Disqualification Records Shall Be Handled With Appropriate Confidentiality and Legal Review.\
17.11.9(a) Director disqualification, eligibility, conflict, independence, reputation, conduct, legal, sanctions, export-control, misconduct, harassment, retaliation, data misuse, cybersecurity misuse, or protected knowledge review records shall be handled with appropriate confidentiality, legal review, access restriction, privacy protection, and public-safe controls.

17.11.9(b) Such records shall not be disclosed publicly, circulated broadly, placed in open repositories, used for retaliation, or described in public materials except where lawful, necessary, public-safe, and properly approved.

17.11.9(c) Where public clarification is necessary, GCRI Canada shall disclose only what is accurate, lawful, proportionate, non-retaliatory, non-defamatory, privacy-respecting, public-safe, and consistent with legal advice where appropriate.

17.11.9(d) Records shall be retained, sealed, deleted, archived, or subject to legal hold according to applicable law, records policy, privacy requirements, litigation risk, and governance need.

17.11.9(e) The controlling rule shall be that Director eligibility records must protect both accountability and lawful confidentiality.

***

17.11.10 Director Eligibility, Qualification, and Disqualification Register.\
17.11.10(a) GCRI Canada shall maintain a Director Eligibility, Qualification, and Disqualification Register or equivalent records.

17.11.10(b) The Register shall identify each Director and prospective Director where applicable, eligibility review status, qualification basis, appointment authority, term, mission-lock acknowledgment, independence status, conflicts disclosed, mitigation measures, legal review where applicable, sanctions or restricted-party review where applicable, training status, requalification triggers, suspension or removal status where applicable, public reference status, and closeout.

17.11.10(c) The Register shall link to Board composition records, conflict records, fiduciary duty records, training records, independence records, Board minutes, appointment records, committee records, public reference records, discipline records, and legal records where applicable.

17.11.10(d) Access to the Register shall be restricted according to confidentiality, privacy, legal privilege, governance need, and public-safe requirements.

17.11.10(e) The controlling rule shall be that Director eligibility must be demonstrable by record because Board authority depends on lawful and trustworthy Directors.

***

### 17.12 Board Independence

17.12.1 Board Independence as Charter-Level Safeguard.\
17.12.1(a) Board independence shall be a Charter-level safeguard for mission lock, public-benefit purpose, non-execution, public-good stack alignment, legal separateness, records discipline, public-safe publication, privacy, cybersecurity, community safeguards, protected knowledge, provider neutrality, sponsor non-control, finance-boundary discipline, Public Authority boundaries, and public trust.

17.12.1(b) Independence shall mean the Board’s capacity to exercise informed, lawful, good-faith judgment in the best interests of GCRI Canada without improper control, undue influence, capture, dependency, fear, loyalty conflict, financial pressure, political pressure, technical pressure, sponsor pressure, provider pressure, Public Authority pressure, capital pressure, media pressure, founder pressure, or Nexus-system pressure.

17.12.1(c) Independence shall be assessed in fact and appearance. A Board that is technically lawful but reasonably perceived as controlled by sponsors, providers, funders, Public Authorities, founders, capital actors, National Companies, Project SPVs, or any single faction may fail the independence purpose of this Charter.

17.12.1(d) Independence shall not require isolation from expertise, support, public authority learning, technical contribution, or partnerships, but shall require role classification, conflict management, recusal, access controls, independent review, and public claims discipline.

17.12.1(e) The controlling rule shall be that Board independence is a condition of public-good legitimacy.

***

17.12.2 Independence From Sponsors and Donors.\
17.12.2(a) The Board shall preserve independence from sponsors, donors, funders, grantors, restricted funders, in-kind contributors, hosts, and other supporters.

17.12.2(b) No sponsor, donor, funder, grantor, or supporter shall control Board composition, Board decisions, Board agendas, evidence doctrine, methods, research design, public-safe publication, Public Authority access, provider treatment, technical baselines, correction decisions, controlled vocabulary, or institutional truth.

17.12.2(c) Sponsor or donor support shall not create appointment rights, veto rights, observer rights, information rights, access rights, publication rights, or public reference rights unless expressly approved, lawful, mission-compatible, non-controlling, and recorded.

17.12.2(d) Directors with sponsor or donor relationships shall disclose such relationships and may be subject to recusal, information restriction, committee exclusion, independent review, or other mitigation where influence risk exists.

17.12.2(e) The controlling rule shall be that support must not become Board control.

***

17.12.3 Independence From Providers and Vendors.\
17.12.3(a) The Board shall preserve independence from providers, vendors, contractors, Qualified Providers, AI providers, cloud providers, cybersecurity providers, telecommunications providers, AI-RAN providers, O-RAN providers, DePIN providers, sensor providers, software providers, repository providers, dashboard providers, integrators, and technical contributors.

17.12.3(b) Providers and vendors shall not control Board decisions, technical baselines, benchmark design, evidence selection, methods, data access, repository governance, secure release, Public Authority interfaces, procurement-sensitive contexts, or public claims.

17.12.3(c) Director relationships with providers or vendors shall be disclosed and reviewed for provider preference, procurement advantage, technical asset capture, dependency risk, benchmark distortion, public authority overclaim, and public trust risk.

17.12.3(d) Where provider or vendor conflict exists, the Board may require recusal, independent technical review, procurement-safety controls, access restriction, committee reassignment, or refusal of the arrangement.

17.12.3(e) The controlling rule shall be that technical capability shall not become Board capture.

***

17.12.4 Independence From National Companies and Project SPVs.\
17.12.4(a) The Board shall preserve independence from National Consortium Companies, Project SPVs, enterprise-stack vehicles, execution vehicles, asset-level vehicles, commercial delivery entities, and related market actors.

17.12.4(b) National Companies and Project SPVs shall not control GCRI Canada’s Board, evidence outputs, public-safe publications, technical baselines, Public Authority learning materials, finance-facing materials, correction decisions, or public claims.

17.12.4(c) Directors with interests in National Companies or Project SPVs shall disclose such interests and shall be reviewed for finance signal, procurement advantage, public authority overclaim, execution drift, conflict of loyalty, private benefit, and public trust risk.

17.12.4(d) GCRI Canada shall not permit Board composition or Board decision-making to create the appearance that National Companies or Project SPVs are approved, controlled, financed, procured, certified, recognized, or executed by GCRI Canada.

17.12.4(e) The controlling rule shall be that enterprise-stack vehicles must not govern the public-good stack.

***

17.12.5 Independence From Capital Actors and Finance-Readiness Readers.\
17.12.5(a) The Board shall preserve independence from capital actors, investors, lenders, insurers, underwriters, brokers, finders, rating actors, guarantors, public finance actors, MDB or DFI actors, grant approval actors, finance-readiness readers, and capital readers.

17.12.5(b) Capital actors shall not control Board decisions, evidence packaging, finance-facing materials, GRA interfaces, National Company interfaces, Project SPV interfaces, public finance references, public-safe summaries, or correction decisions.

17.12.5(c) Directors with capital, investment, lending, insurance, underwriting, rating, advisory, or public finance relationships shall disclose such relationships and may be subject to recusal, restricted access, finance-boundary review, GRA routing, or independent review.

17.12.5(d) Board independence shall prevent GCRI Canada from becoming or appearing to become an investment adviser, broker, underwriter, lender, insurer, rating agency, guarantor, public finance approver, capital platform, or capital formation actor.

17.12.5(e) The controlling rule shall be that capital literacy shall not become capital control.

***

17.12.6 Independence From Public Authority Direction Except Where Lawfully Required.\
17.12.6(a) The Board shall preserve independence from Public Authority direction except where lawfully required by applicable law, lawful order, lawful agreement, lawful public authority condition, or proper regulatory obligation.

17.12.6(b) Public Authority participation, funding, data contribution, attendance, review, learning, observer status, regulator-listening status, public finance reader status, emergency-management participation, or public health participation shall not control the Board or convert GCRI Canada into a Public Authority.

17.12.6(c) The Board may cooperate with Public Authorities for lawful public-benefit purposes while preserving non-delegation, non-endorsement, non-procurement, non-funding, non-regulatory, non-warning, non-command, and no-sovereign-obligation boundaries.

17.12.6(d) Where Public Authority request, pressure, political sensitivity, procurement context, emergency context, regulatory context, or public finance context may affect Board independence, the matter shall require capacity classification, legal review where appropriate, boundary review, and proper records.

17.12.6(e) The controlling rule shall be that public authority learning does not create public authority control of GCRI Canada.

***

17.12.7 Independence From Founder Control, Staff Control, Committee Control, Council Control, Partner Control, or Media Pressure.\
17.12.7(a) The Board shall preserve independence from founder control, staff control, officer control, committee control, council control, advisor control, partner control, media pressure, public narrative pressure, technical faction pressure, or personality-based authority.

17.12.7(b) Founders, officers, staff, advisors, councils, committees without Board authority, fellows, technical contributors, media actors, partners, sponsors, providers, or Public Authorities shall not substitute for the Board or control Board decisions by informal consensus, reputation, urgency, dependency, access to information, narrative control, or public pressure.

17.12.7(c) The Board may value founder knowledge, staff expertise, committee work, council advice, partner context, and media intelligence without surrendering independent governance judgment.

17.12.7(d) Board processes shall ensure that information asymmetry, founder indispensability, technical opacity, staff convenience, media exposure, or committee recommendations do not prevent meaningful deliberation and correction.

17.12.7(e) The controlling rule shall be that no internal or external actor shall become a shadow Board.

***

17.12.8 Independence Assessment for Directors, Officers, Committees, Councils, Advisors, and Major Participants.\
17.12.8(a) GCRI Canada shall conduct independence assessment for Directors and, where material, Officers, committees, councils, advisors, major participants, sponsors, providers, Public Authority participants, capital readers, National Companies, Project SPVs, and Nexus-interface actors.

17.12.8(b) Independence assessment shall consider financial relationships, institutional affiliations, employment, consulting, advisory roles, board roles, family relationships, funding relationships, sponsorships, provider relationships, Public Authority roles, capital interests, IP interests, data interests, technical dependencies, public claims interests, and reputational dependencies.

17.12.8(c) Assessment shall consider both direct and indirect influence, including influence through funding, technical dependency, data ownership, infrastructure access, public authority proximity, media amplification, personal loyalty, founder alignment, or shared institutional interests.

17.12.8(d) Independence assessment may be updated periodically, upon role change, upon new conflict disclosure, before reserved matters, before major funding or provider decisions, before high-risk Public Authority interfaces, and before high-risk finance-facing matters.

17.12.8(e) The controlling rule shall be that independence must be assessed where influence can affect institutional judgment.

***

17.12.9 Independence Mitigation: Disclosure, Recusal, Access Restriction, Independent Review, Committee Reassignment, or Removal.\
17.12.9(a) Independence concerns may be mitigated through disclosure, recusal, abstention, access restriction, information segregation, independent review, committee reassignment, role narrowing, monitoring, term limitation, training, suspension, removal where lawful, or refusal of appointment.

17.12.9(b) Recusal shall be required where a Director’s conflict or influence risk materially affects judgment on a matter, including sponsor matters, provider matters, Public Authority matters, finance matters, procurement-sensitive matters, National Company matters, Project SPV matters, technical releases, publications, data matters, protected knowledge matters, or correction matters.

17.12.9(c) Access restriction may be required where sensitive information could create private advantage, public authority misuse, finance signal, procurement distortion, provider preference, sponsor influence, data misuse, or protected knowledge risk.

17.12.9(d) Independent review may be required where the Board retains a conflicted or partially conflicted Director’s participation because the Director has necessary expertise but independence risk must be mitigated.

17.12.9(e) Removal or refusal of appointment shall be considered where independence cannot be adequately protected.

17.12.9(f) The controlling rule shall be that independence risk must be mitigated with measures strong enough to preserve trust.

***

17.12.10 Independence Register and Assurance.\
17.12.10(a) GCRI Canada shall maintain an Independence Register or equivalent records.

17.12.10(b) The Register shall identify Directors, Officers, committee members, council participants, advisors, major participants, and other relevant persons; independence status; conflicts; affiliations; financial interests; sponsor, provider, Public Authority, capital, National Company, Project SPV, and Nexus relationships; mitigation measures; recusals; access restrictions; review dates; and closeout.

17.12.10(c) Independence Assurance shall review whether independence disclosures are current, conflicts are mitigated, recusals are observed, access restrictions are enforced, committee assignments are appropriate, Board composition remains balanced, and public claims do not overstate independence or role.

17.12.10(d) Assurance findings may require updated disclosures, additional mitigation, Board composition changes, committee changes, training, public claims correction, legal review, or Board action.

17.12.10(e) The controlling rule shall be that independence must be recorded and assured because public trust cannot rely on appearance alone.

***

### 17.13 Board-Reserved Matters

17.13.1 Adoption, Amendment, Supersession, or Repeal of Charter, Bylaw, Articles Where Applicable, and Core Governance Instruments.\
17.13.1(a) The adoption, amendment, supersession, repeal, suspension, restatement, consolidation, interpretation with constitutional effect, or public release of the Charter, Bylaw, articles where applicable, and core governance instruments shall be Board-reserved matters except where applicable law or the Bylaw requires member approval, regulatory filing, court approval, or other approval.

17.13.1(b) Core governance instruments may include major policies, constitutional schedules, doctrine instruments, public-good stack instruments, records policies, conflict policies, data policies, AI policies, cybersecurity policies, public-safe publication policies, sponsorship policies, provider policies, Public Authority interface policies, finance-boundary policies, protected knowledge policies, and Nexus interface instruments.

17.13.1(c) No officer, committee, council, advisor, sponsor, provider, Public Authority, National Company, Project SPV, or Nexus entity may amend or override core governance instruments except through lawful delegation and Board-approved process where permitted.

17.13.1(d) Amendments shall be supported by legal review, governance review, public-good review, boundary review, records review, and public-safe review where material.

17.13.1(e) The controlling rule shall be that constitutional instruments require constitutional authority.

***

17.13.2 Approval of Annual Strategy, Annual Budget, Material Budget Amendments, and Institutional Priorities.\
17.13.2(a) Approval of annual strategy, annual budget, material budget amendments, institutional priorities, material resource allocation, material restricted fund use, and major program priorities shall be Board-reserved matters.

17.13.2(b) Annual strategy and budget shall preserve public-benefit purpose, mission lock, non-execution, public-good stack alignment, evidence integrity, research integrity, technical asset stewardship, data governance, cybersecurity, safeguards, public authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, and correctionability.

17.13.2(c) Budget approval shall not be driven solely by revenue, visibility, sponsor preference, provider opportunity, public authority proximity, capital-reader interest, media attention, or technology hype.

17.13.2(d) Material budget amendments shall identify purpose, funding source, restrictions, private benefit risk, mission fit, legal implications, conflict implications, data implications, cybersecurity implications, public-safe implications, and correction path.

17.13.2(e) The controlling rule shall be that strategy and budget are mission-lock instruments, not merely financial instruments.

***

17.13.3 Appointment, Removal, Compensation, and Delegation of Material Officers Where Applicable.\
17.13.3(a) Appointment, removal, compensation, material role definition, material delegation, suspension, performance review, and closeout of material Officers and executive leadership functions shall be Board-reserved matters where required by law, Bylaw, policy, or risk.

17.13.3(b) Material Officers may include Chair-related functions where applicable, President, Executive Director, Secretary, Treasurer, Chief Evidence or Research function, Chief Technology or Compute function, Chief Data / AI / Cyber function, public authority interface function, safeguards function, publication function, finance-boundary function, records function, and technical asset leadership function.

17.13.3(c) Officer compensation and benefits shall be reasonable, conflict-managed, records-valid, non-excessive, lawful, and consistent with nonprofit and public-benefit duties.

17.13.3(d) Officer delegations shall be written, scoped, reviewable, revocable, records-valid, and shall not permit officers to exceed Board-reserved matters or GCRI Canada’s non-executing authority.

17.13.3(e) The controlling rule shall be that executive authority must originate in lawful Board action and remain accountable to the Board.

***

17.13.4 Creation, Amendment, or Dissolution of Board Committees and Material Advisory Structures.\
17.13.4(a) Creation, amendment, merger, suspension, dissolution, or material redesign of Board committees and material advisory structures shall be Board-reserved matters.

17.13.4(b) Committee and advisory structure instruments shall identify purpose, authority, scope, membership, chair, reporting line, delegated powers if any, limitations, conflicts, confidentiality, records, public reference permissions, public claims limits, review cycle, and closeout.

17.13.4(c) Board committees with delegated authority shall be distinguished from advisory councils, Leadership Councils, Helix Councils, panels, working groups, expert groups, fellows, advisors, and stakeholder bodies without Board authority.

17.13.4(d) No advisory structure shall become shadow governance, Public Authority substitute, sponsor control mechanism, provider preference mechanism, finance-readiness surface, certification body, or execution authority by implication.

17.13.4(e) The controlling rule shall be that governance bodies must be constituted by record and limited by role.

***

17.13.5 Approval of Major Policies Concerning Conflicts, Finance, Research, Data, AI, Cybersecurity, Public-Safe Publication, Public Authority Interfaces, Sponsorship, Grants, IP, Records, and Safeguards.\
17.13.5(a) Approval of major policies concerning conflicts, independence, finance, accounting, investments where applicable, research, evidence, methods, data, privacy, AI, cybersecurity, secure release, public-safe publication, Public Authority interfaces, sponsorship, donations, grants, restricted funds, providers, hosts, IP, licensing, open source, records, controlled vocabulary, correctionability, community safeguards, protected knowledge, and conduct shall be Board-reserved matters.

17.13.5(b) Major policies shall be reviewed for legal compliance, mission lock, non-execution, public-good stack alignment, anti-capture, anti-enclosure, role separation, privacy, cybersecurity, public-safe claims, and correctionability.

17.13.5(c) Policies shall not be adopted as generic templates where GCRI Canada’s specific public-good, non-executing, technical, data, AI, Public Authority, finance-boundary, and protected knowledge context requires tailored rules.

17.13.5(d) Major policy approval shall identify owner, custodian, effective date, review cycle, training requirements, public-safe publication status, repository location, and correction path.

17.13.5(e) The controlling rule shall be that major policies translate the Charter into operating discipline and therefore require Board-level stewardship.

***

17.13.6 Approval of Major Grants, Restricted Funds, Sponsorships, Donations, In-Kind Contributions, Contracts, Shared Services, Interface Agreements, and Nexus Coordination Instruments.\
17.13.6(a) Approval of major grants, restricted funds, sponsorships, donations, in-kind contributions, contracts, shared services, interface agreements, memoranda, partnership instruments, and Nexus coordination instruments shall be Board-reserved where value, risk, restriction, influence, public visibility, Public Authority involvement, data sensitivity, technical dependency, protected knowledge, finance implication, or mission-lock implication is material.

17.13.6(b) Review shall assess legality, nonprofit compliance, tax implications where applicable, private benefit, conflicts, sponsor control, provider preference, Public Authority access purchase, outcome purchase, publication suppression, data rights, IP, cybersecurity, AI use, protected knowledge, public-safe status, finance boundaries, procurement boundaries, and correctionability.

17.13.6(c) Shared services and interface agreements shall preserve legal separateness, liability boundaries, public-good stack separation, enterprise stack separation, data controls, authority limits, public claims limits, and closeout.

17.13.6(d) The Board may approve, condition, restrict, segregate, refuse, return, suspend, terminate, or require amendment of such arrangements where mission or public trust requires.

17.13.6(e) The controlling rule shall be that material support and interface arrangements are governance decisions, not administrative intake.

***

17.13.7 Approval of Major Technical Releases, Open Technical Baselines, Public-Good Software Strategies, IP Strategies, and Anti-Enclosure Exceptions.\
17.13.7(a) Approval of major technical releases, Open Technical Baselines, public-good software strategies, repository strategies, technical reference architectures, IP strategies, licensing strategies, controlled release strategies, anti-enclosure exceptions, and material technical asset governance decisions shall be Board-reserved where constitutional, public-safe, legal, cybersecurity, IP, export-control, provider, sponsor, Public Authority, or market significance is material.

17.13.7(b) Review shall assess public-good asset integrity, secure release, repository security, SBOM, dependency review, licensing, contributor rights, IP ownership, moral rights treatment where applicable, privacy, data, AI use, export controls, sanctions, controlled technology, protected knowledge, Public Authority implications, provider neutrality, sponsor non-control, and correction path.

17.13.7(c) Anti-enclosure exceptions shall be narrow, lawful, mission-compatible, time-bounded where appropriate, recorded, reviewed, and not used to create proprietary gatekeeping or provider preference.

17.13.7(d) Major releases shall include versioning, release notes, limitations, known issues, public-safe documentation, boundary language, maintainer responsibilities, and withdrawal or patch process.

17.13.7(e) The controlling rule shall be that public-good technical assets require Board oversight where their release or restriction affects institutional identity.

***

17.13.8 Approval of High-Risk Public Authority, Finance-Boundary, Controlled Technology, Cross-Border, Public-Safe Publication, or Community-Protected Knowledge Matters.\
17.13.8(a) Approval of high-risk Public Authority, finance-boundary, controlled technology, cross-border, public-safe publication, community-protected, Indigenous knowledge, protected knowledge, data, AI, cybersecurity, public-warning-adjacent, emergency-adjacent, procurement-sensitive, or public finance-sensitive matters shall be Board-reserved where risk is material.

17.13.8(b) High-risk Public Authority matters include those involving official capacity, Public Authority Data, public warnings, emergency management, regulation, procurement, public finance, funding, public infrastructure, public health, public adoption, or sovereign obligation risk.

17.13.8(c) High-risk finance matters include capital-reader rooms, GRA interfaces, National Company materials, Project SPV materials, public finance references, finance-sensitive data, insurance-readiness references, investment-adjacent materials, and no-reliance risks.

17.13.8(d) High-risk community and protected knowledge matters include sensitive location disclosure, cultural site disclosure, public-safe mapping, protected knowledge use, AI processing, dataset release, publication, dashboarding, or third-party sharing.

17.13.8(e) The controlling rule shall be that high-risk matters must reach the Board before public meaning, technical release, access, or reliance is created.

***

17.13.9 Approval of Dissolution, Wind-Up, Merger-Like Transactions, Asset Transfers, Structural Changes, or Mission-Altering Actions Where Applicable.\
17.13.9(a) Approval of dissolution, wind-up, merger-like transactions, structural changes, corporate continuance where applicable, material asset transfers, mission-altering actions, public-good asset transfers, repository transfers, data transfers, IP transfers, technical baseline transfers, or changes affecting legal identity shall be Board-reserved and subject to any member, court, regulator, or legal approval required.

17.13.9(b) Such matters shall require legal review, public-benefit review, mission-lock review, data and privacy review, cybersecurity review, IP review, donor or restricted fund review, Public Authority interface review, community safeguard review, protected knowledge review, and Nexus role separation review where applicable.

17.13.9(c) Public-good assets shall not be transferred, enclosed, privatized, abandoned, or absorbed into another entity in a manner inconsistent with mission lock, anti-enclosure, public trust, privacy, protected knowledge, correctionability, or lawful obligations.

17.13.9(d) Dissolution or structural change shall preserve records, archives, legal hold, data disposition, public-safe notices, correction obligations, restricted fund obligations, donor obligations, grant obligations, IP obligations, and continuity of public-good assets where lawful and appropriate.

17.13.9(e) The controlling rule shall be that structural actions require the highest level of mission, law, and public-good protection.

***

17.13.10 Board-Reserved Matter Records and Decision Packs.\
17.13.10(a) GCRI Canada shall maintain Board-Reserved Matter records and Decision Packs for material reserved matters.

17.13.10(b) A Decision Pack shall identify the decision question, authority source, reserved-matter category, background, options, recommendation, evidence, financial implications, legal review, public-good review, mission-lock review, non-execution review, Public Authority review, finance-boundary review, data / AI / cybersecurity review, safeguards review, conflicts, recusals, risks, mitigations, public-safe status, implementation owner, effective date, review cycle, and correction path.

17.13.10(c) Reserved-matter records shall include Board materials, minutes, resolutions, written consents, dissent where recorded, conditions, approvals, refusals, holds, required notices, Gazette entries where applicable, repository deposits, and closeout records.

17.13.10(d) Reserved-matter records shall be retained as constitutional governance records and linked to relevant registers, policies, agreements, releases, publications, data records, public authority records, finance records, and correction records.

17.13.10(e) The controlling rule shall be that Board-reserved decisions must be decision-grade and records-valid.

***

### 17.14 Board Decision-Grade Process

17.14.1 Board Decisions Should Be Supported by Decision-Grade Records Where Material.\
17.14.1(a) Material Board decisions should be supported by Decision-Grade Records sufficient to permit informed deliberation, lawful action, mission-lock review, risk assessment, implementation, audit, correction, and future interpretation.

17.14.1(b) Decision-Grade Records shall be proportionate to the decision’s significance, including legal effect, financial value, mission-lock implication, public visibility, data sensitivity, cybersecurity risk, Public Authority involvement, finance-boundary relevance, provider or sponsor involvement, protected knowledge, technical release impact, public-safe publication impact, and Nexus-interface impact.

17.14.1(c) Decision-Grade Records shall not be replaced by verbal briefings, informal emails, chat threads, slide headlines, sponsor decks, provider materials, public authority conversations, media narratives, or unsupported management summaries.

17.14.1(d) A Board decision may be deferred, conditioned, narrowed, or placed on hold where records are insufficient for the Board to exercise informed judgment.

17.14.1(e) The controlling rule shall be that material Board action requires enough record to govern responsibly and correct later if needed.

***

17.14.2 Decision Question, Authority, Options, Risks, Evidence, Methods, Legal Review, Public-Good Review, Boundary Review, Data / AI / Cyber Review, Safeguards Review, Finance Review, Public Authority Review, and Correction Path.\
17.14.2(a) Board materials for material decisions should identify the decision question, authority source, requested action, effective date, scope, options, recommendation, alternatives, risks, dependencies, evidence base, methods relied upon, source limits, assumptions, limitations, and correction path.

17.14.2(b) Materials shall identify applicable legal review, governance review, public-good review, mission-lock review, non-execution review, Public Authority boundary review, finance-boundary review, procurement-boundary review, data review, AI review, cybersecurity review, IP review, safeguards review, public-safe review, and Nexus role separation review where material.

17.14.2(c) Materials shall distinguish facts, assumptions, analysis, recommendations, unresolved questions, dissent, management preference, sponsor or provider assertions, Public Authority context, and Board-level decision points.

17.14.2(d) Where review is incomplete, conditional, unavailable, or disputed, the Board materials shall say so and identify the risk of proceeding.

17.14.2(e) The controlling rule shall be that the Board must know what it is deciding, under what authority, on what evidence, and with what correction path.

***

17.14.3 Board Materials Shall Identify Conflicts, Recusals, Sensitive Materials, Public-Safe Status, and Controlled Annexes.\
17.14.3(a) Board materials shall identify conflicts, potential conflicts, perceived conflicts, recusal recommendations, independence concerns, related-party matters, sponsor influence risks, provider influence risks, Public Authority sensitivities, finance sensitivities, and procurement sensitivities.

17.14.3(b) Board materials shall identify sensitive materials, including Personal Information, Rights-Bearing Data, Health-Sensitive Data, Public Authority Data, Cyber-Sensitive Data, Infrastructure-Sensitive Data, Finance-Sensitive Data, Commercially Sensitive Data, Community-Protected Data, Indigenous knowledge, Local knowledge, Territorial knowledge, Cultural knowledge, Environmental knowledge, Protected Knowledge, controlled technology, and legally privileged materials.

17.14.3(c) Board materials shall indicate classification, access class, handling class, public-safe status, distribution limits, AI-use limits, download restrictions, confidentiality limits, legal privilege status where applicable, and retention requirements.

17.14.3(d) Controlled annexes or restricted annexes shall be used where sensitive materials are necessary for Board review but should not be included in general Board packets or public-safe summaries.

17.14.3(e) The controlling rule shall be that Board materials must protect sensitive information while enabling informed governance.

***

17.14.4 Board Materials Shall Avoid Hype, False Maturity, Unsupported Claims, and Ambiguous Authority.\
17.14.4(a) Board materials shall avoid hype, false maturity, unsupported claims, promotional framing, inflated impact claims, sponsor narratives, provider narratives, technology inevitability claims, public authority overstatement, finance signaling, procurement implication, certification implication, recognition implication, or ambiguous authority.

17.14.4(b) Claims concerning readiness, maturity, validation, verification, safety, security, performance, public authority interest, market demand, financeability, insurability, scalability, interoperability, Nexus compatibility, or adoption shall be supported by records, limitations, scope, review status, and controlled vocabulary.

17.14.4(c) Board materials shall not present sponsor, provider, Public Authority, capital-reader, media, or partner assertions as institutional fact unless independently reviewed and recorded.

17.14.4(d) Where uncertainty exists, Board materials shall state uncertainty rather than convert uncertainty into strategic confidence.

17.14.4(e) The controlling rule shall be that Board decisions must be protected from narrative inflation.

***

17.14.5 Board Deliberations Shall Be Recorded in Minutes or Resolutions Consistent With Law and Confidentiality.\
17.14.5(a) Board deliberations and decisions shall be recorded in minutes, resolutions, written consents, decision records, or other lawful records consistent with applicable law, the Bylaw, confidentiality, legal privilege, privacy, cybersecurity, protected knowledge, public-safe controls, and governance needs.

17.14.5(b) Records shall identify meeting date, attendance, quorum where applicable, materials reviewed, conflicts disclosed, recusals, matters considered, resolutions, decisions, conditions, dissent where recorded, abstentions where required, implementation owner, effective date, and correction path.

17.14.5(c) Minutes shall be sufficiently complete to evidence governance action but need not disclose sensitive details in a manner that compromises legal privilege, privacy, cybersecurity, Public Authority duties, protected knowledge, confidential relationships, or public-safe requirements.

17.14.5(d) Where necessary, sensitive details may be recorded in controlled annexes, legal files, executive-session records, or restricted records with appropriate access controls.

17.14.5(e) The controlling rule shall be that Board deliberation must be recorded with enough integrity to prove authority without unsafe over-disclosure.

***

17.14.6 Board Decisions Shall Identify Effective Date, Scope, Owner, Custodian, Conditions, Review Cycle, and Correction Path Where Applicable.\
17.14.6(a) Material Board decisions shall identify effective date, scope, owner, custodian, authority source, conditions, limitations, implementation steps, review cycle, reporting obligations, public-safe status, repository location, and correction path where applicable.

17.14.6(b) Where a decision approves a policy, program, publication, release, funding arrangement, interface agreement, public authority matter, finance-boundary matter, data activity, AI use, cybersecurity control, protected knowledge activity, or Nexus interface, the decision shall identify responsible implementation and monitoring roles.

17.14.6(c) Conditions shall be clear enough to enforce and shall identify what must occur before external effect, public release, access grant, publication, technical release, Public Authority reference, finance-facing use, or public claim.

17.14.6(d) Review cycles shall be proportionate to risk and may require periodic Board review, committee review, assurance review, legal review, technical review, safeguards review, or correction review.

17.14.6(e) The controlling rule shall be that a Board decision should be implementable, monitorable, and correctable.

***

17.14.7 Board Decisions With Public Meaning Require Public-Safe Summary Where Appropriate.\
17.14.7(a) Board decisions with public meaning may require public-safe summaries, Gazette notices, controlled notices, stakeholder notices, Public Authority notices, sponsor or provider notices, internal notices, or repository updates where appropriate.

17.14.7(b) Public meaning may arise where the decision affects Charter or Bylaw interpretation, public-safe publication, major technical release, public-good software, Open Technical Baseline, public authority learning, sponsorship, provider participation, public claims, corrections, withdrawals, major programs, or Nexus interfaces.

17.14.7(c) Public-safe summaries shall accurately state the decision without over-disclosing confidential, legally privileged, personal, Public Authority, cyber-sensitive, infrastructure-sensitive, finance-sensitive, community-protected, or protected knowledge materials.

17.14.7(d) Public-safe summaries shall include boundary language where the decision could be misread as recognition, finance-readiness, certification, Public Authority approval, procurement approval, provider preference, sponsor validation, public warning, emergency command, protocol effect, or execution authority.

17.14.7(e) The controlling rule shall be that public transparency must be accurate, bounded, and safe.

***

17.14.8 Board Decisions May Be Corrected, Superseded, Withdrawn, or Reopened Where Records Change.\
17.14.8(a) Board decisions may be corrected, clarified, superseded, withdrawn, reclassified, suspended, reinstated, or reopened where records change or where the decision is later shown to be inaccurate, incomplete, unauthorized, unsupported, unsafe, outdated, misleading, procedurally defective, conflicted, or inconsistent with mission lock.

17.14.8(b) Reopening may occur where new evidence, legal developments, data incidents, cybersecurity incidents, public authority clarification, finance-boundary concern, protected knowledge issue, sponsor or provider influence, conflict breach, public claims overclaim, or correction request materially affects the decision.

17.14.8(c) Correction shall identify affected records, affected decisions, downstream dependencies, public materials, controlled materials, implementation actions, notices required, and future reliance limits.

17.14.8(d) Correcting a Board decision shall not be treated as institutional weakness where correction protects legality, mission, evidence integrity, public trust, or public safety.

17.14.8(e) The controlling rule shall be that Board decisions must remain correctable because authority depends on records that may change.

***

17.14.9 Emergency Board Decisions Require Prompt Record Completion and Post-Decision Review.\
17.14.9(a) Emergency Board decisions may be taken only where permitted by law, the Bylaw, emergency procedures, delegation, or other lawful authority and where delay would create material legal, data, cybersecurity, public-safe, protected knowledge, Public Authority, finance-boundary, institutional, or public trust risk.

17.14.9(b) Emergency decisions shall be limited to what is necessary, proportionate, lawful, mission-compatible, and capable of later review.

17.14.9(c) Emergency action shall not be used to bypass Board procedure for convenience, sponsor pressure, provider pressure, funding deadlines, media pressure, public authority ambiguity, or management preference.

17.14.9(d) Prompt record completion shall identify the emergency, authority used, persons involved, decision made, effective time, evidence available, unavailable review, risks accepted, conditions imposed, implementation steps, and correction path.

17.14.9(e) Post-decision review shall determine whether ratification, correction, supersession, withdrawal, reclassification, notice, policy change, or additional Board action is required.

17.14.9(f) The controlling rule shall be that emergency action may be fast but shall not be recordless.

***

17.14.10 Board Decision Records and Decision Pack Register.\
17.14.10(a) GCRI Canada shall maintain Board Decision Records and a Decision Pack Register.

17.14.10(b) The Register shall identify decision ID, Case ID where applicable, date, decision question, authority source, reserved-matter status, materials reviewed, conflicts, recusals, legal review, public-good review, boundary review, data / AI / cybersecurity review, safeguards review, finance review, Public Authority review, decision taken, conditions, effective date, owner, custodian, review cycle, public-safe summary, notice status, correction path, and closeout.

17.14.10(c) Decision records shall link to Board minutes, resolutions, written consents, policies, agreements, publications, technical releases, data records, AI-use records, cybersecurity records, Public Authority records, sponsor records, provider records, finance-boundary records, Nexus interface records, and correction records where applicable.

17.14.10(d) Decision Pack records shall be retained, secured, versioned, indexed, and archived according to their legal, governance, confidentiality, privacy, cybersecurity, public-safe, and protected knowledge status.

17.14.10(e) The controlling rule shall be that decision-grade governance must be supported by decision-grade records.

***

### 17.15 Officers and Executive Leadership

17.15.1 Officers and Executive Leadership Shall Operate Under Lawful Appointment, Bylaw, Board Delegation, Policy, Budget, Mission Lock, and Records.\
17.15.1(a) Officers and Executive Leadership shall operate under lawful appointment, applicable law, the articles, the Bylaw, Board delegation, approved policies, approved budget, mission lock, non-execution, public-good stack alignment, legal separateness, role separation, and proper records.

17.15.1(b) Officers and Executive Leadership shall implement Board-approved strategy and policies but shall not substitute their judgment for Board-reserved matters, legal requirements, fiduciary duties, or constitutional boundaries.

17.15.1(c) Officers and Executive Leadership shall preserve evidence integrity, methods integrity, research integrity, data governance, AI governance, cybersecurity, public-safe publication, Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, community safeguards, protected knowledge controls, records discipline, and correctionability.

17.15.1(d) Officer authority shall be written, scoped, reviewable, revocable, records-valid, and limited by Board delegations, reserved matters, policies, risk thresholds, and applicable law.

17.15.1(e) The controlling rule shall be that executive authority is delegated stewardship, not independent constitutional authority.

***

17.15.2 Chair Function.\
17.15.2(a) The Chair function, where established, shall support Board governance, agenda discipline, meeting effectiveness, fiduciary deliberation, mission-lock oversight, conflict management, Director engagement, Board records, committee coordination, and Board-level stewardship.

17.15.2(b) The Chair shall not unilaterally exercise Board authority, approve Board-reserved matters, bind GCRI Canada beyond delegated authority, override conflicts rules, suppress dissent, bypass Board procedure, or convert personal interpretation into Board action.

17.15.2(c) The Chair shall support independent Board judgment by ensuring that materials are decision-grade, risks are surfaced, conflicts are disclosed, dissent is permitted, reserved matters are identified, and public-good boundaries are respected.

17.15.2(d) The Chair shall help distinguish Board governance from management operations and advisory input from Board authority.

17.15.2(e) The controlling rule shall be that the Chair facilitates Board stewardship and does not replace the Board.

***

17.15.3 Vice-Chair Function Where Applicable.\
17.15.3(a) A Vice-Chair function, where established, shall support the Chair, Board continuity, succession, special governance matters, committee coordination, conflict-managed leadership, and Board functioning as delegated by the Board.

17.15.3(b) The Vice-Chair shall act only within lawful authority, Board delegation, the Bylaw, policies, and proper records.

17.15.3(c) The Vice-Chair may support mission-lock review, Director engagement, governance assurance, reserved-matter identification, public-good alignment, and emergency Board coordination where authorized.

17.15.3(d) The Vice-Chair shall not use the role to create parallel authority, founder-aligned authority, sponsor-aligned authority, provider-aligned authority, management substitute authority, or public-facing authority beyond record.

17.15.3(e) The controlling rule shall be that Vice-Chair authority is supportive and delegated, not inherent beyond the governing instruments.

***

17.15.4 President or Executive Director Function Where Applicable.\
17.15.4(a) A President or Executive Director function, where established, shall lead day-to-day management within lawful appointment, Board delegation, approved strategy, approved budget, policies, mission lock, non-execution, public-good stack alignment, records discipline, and Board oversight.

17.15.4(b) The President or Executive Director may manage staff, programs, operations, partnerships, funding implementation, public-good technical work, research administration, public authority learning, stakeholder participation, and institutional execution of Board-approved decisions within delegated authority.

17.15.4(c) The President or Executive Director shall not approve Board-reserved matters, issue finance-readiness, recognize maturity, certify technologies, authorize public authority approval, procure for Public Authorities, command emergencies, issue official public warnings, control National Companies, control Project SPVs, or create execution authority.

17.15.4(d) The President or Executive Director shall escalate mission-lock risks, legal risks, data risks, AI risks, cybersecurity risks, Public Authority boundary risks, finance-boundary risks, procurement risks, protected knowledge risks, sponsor or provider influence risks, public claims risks, and correction matters to the Board or appropriate committee.

17.15.4(e) The controlling rule shall be that executive management implements public-good stewardship within delegated bounds and must escalate boundary risk.

***

17.15.5 Secretary Function.\
17.15.5(a) The Secretary function, where established, shall support corporate records, notices, minutes, resolutions, Board records, member records where applicable, registers, authority records, delegation records, governance repository discipline, Case ID discipline where applicable, and corporate compliance records.

17.15.5(b) The Secretary shall support validity-by-record by ensuring that material corporate acts are properly recorded, approved, retained, indexed, classified, versioned, and deposited in the authoritative repository where required.

17.15.5(c) The Secretary shall not create Board approval, officer authority, committee authority, member action, public authority meaning, finance-readiness meaning, certification meaning, recognition meaning, or execution authority by administrative notation without proper authority.

17.15.5(d) The Secretary shall help enforce no-email-governance, no-chat-governance, no-silent-edit, versioning, supersession, correction, retention, legal hold, and access-control rules for governance records.

17.15.5(e) The controlling rule shall be that the Secretary function protects institutional meaning by protecting records.

***

17.15.6 Treasurer Function.\
17.15.6(a) The Treasurer function, where established, shall support financial stewardship, budget monitoring, financial reporting, accounting discipline, restricted fund tracking, grant tracking, sponsorship and donation records, in-kind contribution records, internal controls, audit or review processes where applicable, and Board financial oversight.

17.15.6(b) The Treasurer shall help ensure that funds and assets are used for lawful public-benefit purposes, not improper private benefit, private inurement, sponsor control, provider preference, pay-to-play, outcome purchase, public authority access purchase, or execution drift.

17.15.6(c) The Treasurer shall support review of major budgets, restricted funds, grants, sponsorships, donations, in-kind contributions, contracts, related-party transactions, compensation, reimbursement, and financial controls.

17.15.6(d) The Treasurer shall not provide investment advice, securities advice, public finance approval, lending approval, insurance approval, rating, guarantee, capital commitment, or GRA finance-readiness determination unless separately lawful and properly outside GCRI Canada’s non-executing role.

17.15.6(e) The controlling rule shall be that financial stewardship must preserve nonprofit status, public-benefit purpose, anti-inurement, and finance-boundary discipline.

***

17.15.7 Chief Evidence / Research Function.\
17.15.7(a) A Chief Evidence / Research function, where established, shall steward evidence doctrine, research integrity, methods, source lineage, confidence treatment, uncertainty treatment, peer or expert review, reproducibility where appropriate, research records, publication inputs, correction triggers, and evidence quality.

17.15.7(b) The function shall ensure that evidence and research outputs are versioned, reviewable, challengeable, limitation-aware, conflict-managed, public-safe where released, and correctionable.

17.15.7(c) The function shall not convert evidence into GRF recognition, GRA finance-readiness, certification, procurement approval, Public Authority decision, public warning, emergency command, provider preference, sponsor validation, or execution authority.

17.15.7(d) The function shall escalate material evidence disputes, research misconduct concerns, sponsor or provider influence, Public Authority boundary issues, data issues, AI issues, protected knowledge concerns, and correction matters.

17.15.7(e) The controlling rule shall be that evidence leadership protects technical truth without issuing downstream authority.

***

17.15.8 Chief Technology / Compute Function.\
17.15.8(a) A Chief Technology / Compute function, where established, shall steward public-good software, Open Technical Baselines, reference architectures, repositories, compute environments, secure release, verifiable compute methods, technical asset maintenance, technical documentation, software supply-chain discipline, and technical continuity.

17.15.8(b) The function shall ensure that technical assets are versioned, licensed, reviewed, secured, documented, maintained, supported, public-safe where released, and correctionable.

17.15.8(c) The function shall oversee or coordinate repository security, dependency management, SBOM, signing, hashing, release notes, vulnerability response, maintainer roles, contributor controls, and technical asset retirement where applicable.

17.15.8(d) The function shall not create certification, protocol effect, provider preference, procurement advantage, public authority approval, finance-readiness, market operation, infrastructure operation, or execution authority by technical release or integration.

17.15.8(e) The controlling rule shall be that technical leadership stewards public-good technical assets without converting them into execution infrastructure by default.

***

17.15.9 Chief Data / AI / Cyber Function.\
17.15.9(a) A Chief Data / AI / Cyber function, where established, shall steward privacy, data governance, AI governance, cybersecurity, secure collaboration, controlled rooms, clean rooms, model registers, inference records, access controls, breach response, incident response, and technical risk controls.

17.15.9(b) The function shall ensure that data and AI activities are lawful, purpose-bound, classified, minimized, access-controlled, AI-use-controlled, cybersecurity-protected, public-safe, and correctionable.

17.15.9(c) The function shall oversee or coordinate model register discipline, inference records, unauthorized training prohibitions, embedding restrictions, retrieval controls, AI output review, agentic AI controls, cybersecurity controls, secrets management, key management, incident triage, breach handling, and third-party data or AI review.

17.15.9(d) The function shall escalate material privacy risks, data rights risks, sovereign data risks, Public Authority Data risks, AI risks, cybersecurity incidents, protected knowledge risks, cross-border transfer risks, controlled technology risks, and public-safe release risks.

17.15.9(e) The controlling rule shall be that data, AI, and cybersecurity leadership protects rights, systems, and trust, not merely technical operations.

***

17.15.10 Public Authority, Safeguards, Publication, Finance-Boundary, Records, and Technical Asset Leadership Functions Where Applicable.\
17.15.10(a) GCRI Canada may establish Public Authority, Safeguards, Publication, Finance-Boundary, Records, Technical Asset, Community, Protected Knowledge, Research Integrity, Data Protection, Cybersecurity, or other leadership functions where appropriate to support mission-compatible operations and oversight.

17.15.10(b) A Public Authority leadership function shall manage capacity classification, non-endorsement, Public Authority Data controls, public authority learning, public reference approvals, and public authority boundary discipline without creating Public Authority delegation.

17.15.10(c) A Safeguards or Protected Knowledge leadership function shall manage community safeguards, Indigenous knowledge safeguards, local and territorial knowledge safeguards, grievance, remedy, public-safe mapping, accessibility, non-retaliation, and protected knowledge controls.

17.15.10(d) A Publication or Public Claims leadership function shall manage public-safe publication, controlled vocabulary, claims substantiation, media approvals, public communications, correction notices, and boundary language.

17.15.10(e) A Finance-Boundary leadership function shall manage no-advice, no-solicitation, no-rating, no-guarantee, no-commitment, GRA routing, capital-reader controls, public finance boundaries, and finance-sensitive materials without creating finance execution.

17.15.10(f) A Records or Technical Asset leadership function shall protect validity-by-record, authoritative repository discipline, no-silent-edit rules, technical asset registers, release records, and correction records.

17.15.10(g) The controlling rule shall be that specialized leadership functions support governance boundaries and do not acquire authority beyond delegation.

***

17.15.11 Officers Shall Not Exceed Delegated Authority.\
17.15.11(a) Officers shall not exceed delegated authority.

17.15.11(b) Officers shall not approve Board-reserved matters, amend core governance instruments, accept high-risk funding, grant sponsor control, create provider preference, approve high-risk Public Authority interfaces, issue finance-readiness, recognize maturity, certify technologies, issue public warnings, command emergencies, approve procurement, authorize execution, transfer public-good assets, or create legal obligations beyond delegated scope.

17.15.11(c) Officers shall not use email, chat, verbal assurances, slide decks, draft materials, informal meeting notes, sponsor communications, provider communications, Public Authority conversations, or Nexus coordination discussions as substitutes for required Board records or delegations.

17.15.11(d) Where authority is ambiguous, Officers shall pause, narrow, escalate, obtain clarification, or refuse the action until proper authority is established.

17.15.11(e) Officer overreach shall require correction, ratification where lawful and appropriate, rescission where necessary, access restriction, delegation review, discipline, or Board action.

17.15.11(f) The controlling rule shall be that delegated authority must be exercised exactly within its recorded limits.

***

17.15.12 Officer Records, Delegations, Conflicts, Performance, Compensation, Removal, and Closeout.\
17.15.12(a) GCRI Canada shall maintain Officer records, delegation records, conflict records, performance records, compensation records, removal records, and closeout records for material Officers and Executive Leadership functions.

17.15.12(b) Records shall identify appointment authority, role, title, scope, delegated authority, reserved-matter limits, reporting line, budget authority, signature authority, access rights, conflicts, independence status, compensation, benefits, performance review, training, public reference permissions, corrective actions, suspension or removal status, and closeout.

17.15.12(c) Delegation records shall identify authority source, scope, effective date, conditions, limitations, reporting obligations, review cycle, revocation process, escalation requirements, and correction path.

17.15.12(d) Officer closeout shall address authority termination, access revocation, credential revocation, repository access removal, data disposition, confidentiality survival, IP survival, records transfer, public claims correction, delegation termination, and continuing obligations.

17.15.12(e) Officer assurance shall review whether Officers remain within delegated authority, conflict-managed, trained, effective, records-valid, compensated reasonably, and aligned with mission lock.

17.15.12(f) The controlling rule shall be that executive leadership must be traceable from appointment through delegation, performance, correction, and closeout.

### 17.16 Officer Duties and Boundary Discipline

17.16.1 Officers Shall Implement Board-Approved Strategy, Budget, Policies, Programs, and Controls.\
17.16.1(a) Officers shall implement Board-approved strategy, budget, policies, programs, controls, delegations, decisions, corrective actions, and institutional priorities within the scope of their lawful appointment and recorded authority.

17.16.1(b) Officer implementation shall preserve GCRI Canada’s Canadian public-benefit, nonprofit, non-share, non-distributing, non-executing, evidence-and-methods, public-good technical institution character and shall not convert operational management into authority beyond the Board-approved record.

17.16.1(c) Officers shall ensure that programs, research activities, publications, technical releases, public authority learning, data activities, AI use, cybersecurity practices, sponsorships, provider relationships, participant interfaces, and Nexus interfaces operate within approved scope, approved budget, applicable policies, and proper records.

17.16.1(d) Officers shall not treat Board-approved strategy as permission to exceed specific delegations, bypass reserved matters, ignore risk thresholds, create public claims beyond record, or act without required review.

17.16.1(e) The controlling rule shall be that Officers execute approved institutional administration within delegated bounds and do not create constitutional authority by operational necessity.

***

17.16.2 Officers Shall Maintain Non-Execution Discipline.\
17.16.2(a) Officers shall maintain non-execution discipline in all operational, programmatic, technical, public-facing, finance-facing, public authority-facing, and Nexus-facing activities.

17.16.2(b) Officers shall ensure that GCRI Canada does not regulate, procure, approve funding, approve public finance, issue official public warnings, command emergencies, certify technologies, provide investment advice, solicit securities, broker transactions, underwrite insurance, rate credit, guarantee outcomes, operate market infrastructure, operate National Companies, control Project SPVs, or execute downstream activity.

17.16.2(c) Officers shall ensure that evidence packs, public-safe summaries, dashboards, maps, datasets, reports, technical baselines, software releases, Academy materials, public authority learning materials, Observatory outputs, Truth Engine outputs, AI outputs, and proof receipts are described as evidence, methods, learning, technical, or public-good artifacts, not execution instruments.

17.16.2(d) Where non-execution ambiguity arises, Officers shall pause, narrow, quarantine, seek review, route to the competent institution, or escalate to the Board or appropriate committee before external effect is created.

17.16.2(e) The controlling rule shall be that Officers must protect the bright line between upstream stewardship and downstream consequence.

***

17.16.3 Officers Shall Maintain Public Authority Boundary Discipline.\
17.16.3(a) Officers shall maintain Public Authority boundary discipline in all engagements with governments, regulators, public agencies, Indigenous governments, public infrastructure operators, emergency-management actors, public health actors, public finance actors, public procurement actors, and other public-sector participants.

17.16.3(b) Officers shall ensure that Public Authority participation is capacity-classified, reference-approved where required, data-controlled, non-endorsing, non-delegating, non-procurement, non-funding, non-regulatory, non-warning, non-command, and correctionable.

17.16.3(c) Officers shall not permit Public Authority attendance, questions, data contribution, dashboard access, map access, room participation, public authority learning, regulator-listening status, public finance reader status, emergency-management participation, or public health participation to be described as endorsement, adoption, approval, procurement, funding, regulation, public finance, public warning, emergency command, public-private partnership, public adoption, or sovereign obligation.

17.16.3(d) Officers shall ensure that Public Authority names, logos, titles, agency names, jurisdiction references, quotes, photographs, attendance references, and data contribution references are used only within approved scope and with proper boundary language.

17.16.3(e) The controlling rule shall be that Officers must treat Public Authority proximity as a high-risk public meaning surface.

***

17.16.4 Officers Shall Maintain Finance-Boundary Discipline.\
17.16.4(a) Officers shall maintain finance-boundary discipline in all materials, rooms, communications, reports, public authority learning, capital-reader interfaces, National Company interfaces, Project SPV interfaces, GRA interfaces, public finance references, insurance references, and finance-sensitive data contexts.

17.16.4(b) Officers shall ensure that GCRI Canada does not provide investment advice, securities advice, securities offerings, solicitation, brokerage, finder activity, placement, underwriting, lending, insurance placement, insurance advice, rating, guarantee, credit approval, capital commitment, grant approval, MDB or DFI approval, sovereign finance approval, or public finance approval.

17.16.4(c) Officers shall preserve the role of The Global Risks Alliance (GRA) where finance-readiness, capital readability, proof-pack discipline, insurance-readiness, capital-reader rooms, RNFD, NFD, UNFSD, and regulated-perimeter discipline are implicated.

17.16.4(d) Officers shall ensure that finance-facing materials include no-advice, no-solicitation, no-rating, no-guarantee, no-commitment, no-approval, no-public-authority-approval, no-provider-preference, and no-execution language where applicable.

17.16.4(e) The controlling rule shall be that Officers may support finance literacy and upstream evidence routing without creating finance execution.

***

17.16.5 Officers Shall Maintain Research Integrity and Publication Discipline.\
17.16.5(a) Officers shall maintain research integrity and publication discipline for research protocols, evidence records, methods, reports, whitepapers, technical notes, public-safe summaries, dashboards, maps, datasets, Academy materials, public authority learning materials, media statements, websites, speeches, and social media.

17.16.5(b) Officers shall ensure that research and publications are supported by records, lawful basis, source lineage, method integrity, conflict disclosure, review status, confidence treatment, uncertainty treatment, limitations, controlled vocabulary, public-safe status, publication authority, and correction path.

17.16.5(c) Officers shall prevent sponsor, donor, funder, provider, host, Public Authority, capital-reader, media, founder, partner, or internal pressure from controlling research design, data selection, methods, interpretation, publication timing, public-safe framing, or correction.

17.16.5(d) Officers shall ensure that publications do not create unsupported technical claims, impact claims, Public Authority claims, finance claims, recognition claims, certification claims, provider claims, sponsor claims, Nexus-compatible claims, public warning claims, emergency command claims, or execution claims.

17.16.5(e) The controlling rule shall be that Officers must preserve the integrity of public truth before publication speed, visibility, or institutional convenience.

***

17.16.6 Officers Shall Maintain Data, AI, Cybersecurity, and Technical Asset Discipline.\
17.16.6(a) Officers shall maintain data, AI, cybersecurity, and technical asset discipline across systems, repositories, controlled rooms, clean rooms, data rooms, dashboards, maps, APIs, schemas, datasets, AI tools, compute environments, public-good software, Open Technical Baselines, and technical releases.

17.16.6(b) Officers shall ensure that data activities are lawful, purpose-bound, classified, minimized, access-controlled, retention-controlled, transfer-controlled, public-safe, and correctionable.

17.16.6(c) Officers shall ensure that AI use is authorized, model-registered where material, human-reviewed where required, inference-recorded where material, protected against unauthorized training, fine-tuning, embedding, retrieval, or model improvement, and not treated as authority by default.

17.16.6(d) Officers shall ensure that cybersecurity controls address identity, access, MFA where required, secrets, keys, tokens, repository security, secure collaboration, supply-chain security, vulnerability management, incident response, breach handling, backup, continuity, and third-party security.

17.16.6(e) Officers shall ensure that technical assets are versioned, licensed, reviewed, secured, documented, public-safe where released, anti-enclosure compliant, and correctionable.

17.16.6(f) The controlling rule shall be that Officers must treat technical systems as governance surfaces, not merely operating tools.

***

17.16.7 Officers Shall Maintain Sponsor Non-Control and Provider Neutrality.\
17.16.7(a) Officers shall maintain sponsor non-control and provider neutrality in funding, programs, publications, technical releases, public authority interfaces, rooms, events, public claims, research, data access, evidence packs, benchmarks, dashboards, maps, and Nexus interfaces.

17.16.7(b) Officers shall ensure that sponsors, donors, funders, grantors, hosts, and supporters do not control evidence, methods, publication, Public Authority access, provider treatment, technical baselines, public-safe claims, controlled vocabulary, correction decisions, or institutional truth.

17.16.7(c) Officers shall ensure that providers, vendors, contractors, Qualified Providers, technical contributors, and platform actors do not obtain certification, procurement advantage, Public Authority approval, preferred status, finance-readiness, recognition, Nexus-compatible status, or technical authority by participation alone.

17.16.7(d) Officers shall review sponsorship benefits, provider involvement, in-kind contributions, public acknowledgments, demonstrations, benchmarks, technical contributions, and public claims for influence, capture, and overclaim risk.

17.16.7(e) The controlling rule shall be that Officers must ensure support and contribution remain useful without becoming control or preference.

***

17.16.8 Officers Shall Maintain Records, Registers, Gazette, Correction, and Supersession Discipline.\
17.16.8(a) Officers shall maintain records, registers, Gazette, authoritative repository, versioning, correction, supersession, withdrawal, retraction, archive, and no-silent-edit discipline for all matters within their authority.

17.16.8(b) Officers shall ensure that material acts have Case IDs where required, decision records, authority mapping, owner, custodian, classification, access class, handling class, public-safe status, version, effective date, review status, limitations, dependencies, and correction path.

17.16.8(c) Officers shall not treat email, chat, verbal assurances, slides, draft notes, informal documents, sponsor communications, provider communications, Public Authority conversations, or media statements as substitutes for required records.

17.16.8(d) Officers shall ensure that adopted, public-safe, controlled, corrected, superseded, withdrawn, retracted, or archived materials are reflected in the appropriate registers, repositories, Gazette notices, correction notices, and downstream dependency records.

17.16.8(e) The controlling rule shall be that Officers must make institutional meaning valid by record and repair it by correction.

***

17.16.9 Officers Shall Escalate Boundary Risk, Legal Risk, Safeguards Risk, Technical Risk, Public Trust Risk, and High-Risk Exceptions.\
17.16.9(a) Officers shall escalate boundary risk, legal risk, safeguards risk, technical risk, Public Authority risk, finance risk, procurement risk, sponsor risk, provider risk, data risk, AI risk, cybersecurity risk, protected knowledge risk, public claims risk, public trust risk, and high-risk exceptions to the Board, appropriate committee, legal reviewer, safeguards reviewer, data protection reviewer, cybersecurity reviewer, or other competent function.

17.16.9(b) Escalation shall occur before external effect where risk is foreseeable and promptly after discovery where risk emerges during implementation.

17.16.9(c) High-risk exceptions include exceptions to data rules, AI-use rules, cross-border transfer rules, public-safe publication rules, controlled-room rules, public authority reference rules, finance-boundary rules, sponsor rules, provider rules, technical release rules, protected knowledge rules, or correction rules.

17.16.9(d) Officers shall not normalize, defer, obscure, or privately resolve high-risk exceptions where Board or committee oversight is required.

17.16.9(e) The controlling rule shall be that Officers must escalate risk before ambiguity becomes authority, reliance, or harm.

***

17.16.10 Officer Boundary Breach, Correction, Discipline, and Board Reporting.\
17.16.10(a) Officer boundary breach includes exceeding delegated authority, bypassing Board-reserved matters, violating non-execution, misdescribing Public Authority participation, creating finance overclaim, creating procurement overclaim, enabling sponsor control, enabling provider preference, issuing unsupported public claims, misusing data, misusing AI, weakening cybersecurity, misusing protected knowledge, ignoring conflicts, suppressing correction, or failing to maintain records.

17.16.10(b) Officer boundary breach shall require response proportionate to seriousness, harm, intent, recurrence, public reliance, legal consequence, data sensitivity, cybersecurity consequence, Public Authority implication, finance implication, sponsor or provider implication, protected knowledge sensitivity, and public trust risk.

17.16.10(c) Corrective action may include clarification, correction, ratification where lawful, rescission, supersession, withdrawal, retraction, access restriction, delegation narrowing, training, supervision, suspension, removal, contractual remedy, legal review, public-safe notice, controlled notice, or Board reporting.

17.16.10(d) Material Officer breach shall be reported to the Board or appropriate committee with affected records, affected materials, affected systems, root cause, corrective action, residual risk, and recurrence-prevention measures.

17.16.10(e) The controlling rule shall be that Officer authority is accountable, correctable, and subject to Board oversight.

***

### 17.17 Delegation of Authority

17.17.1 Delegation Must Be Written, Scoped, Limited, Revocable, Recorded, and Consistent With Law, Articles, Bylaw, Charter, Policies, Budget, and Mission Lock.\
17.17.1(a) Delegation of authority shall be written, scoped, limited, revocable, recorded, and consistent with applicable law, the articles, Bylaw, Charter, Board-approved policies, approved budget, mission lock, non-execution, public-good stack alignment, legal separateness, and proper records.

17.17.1(b) Delegation may be made to Officers, committees, employees, contractors, agents where lawful, project leads, custodians, reviewers, technical maintainers, records officers, public-safe reviewers, data protection reviewers, cybersecurity reviewers, or other persons or functions only within lawful and recorded limits.

17.17.1(c) Delegation shall not be implied from title, employment, technical expertise, founder status, sponsor relationship, provider relationship, public authority relationship, committee participation, council participation, prior practice, email instruction, chat instruction, or urgent need.

17.17.1(d) Delegated authority shall be interpreted narrowly where ambiguity exists, and the person exercising delegated authority shall escalate uncertainty before acting.

17.17.1(e) The controlling rule shall be that delegation exists by record, not by assumption.

***

17.17.2 Delegation Shall Identify Delegate, Authority Source, Scope, Limits, Term, Reporting Duty, Records Duty, Conflict Duty, and Review Cycle.\
17.17.2(a) Each material delegation shall identify the delegate, authority source, purpose, scope, limits, term, effective date, expiration or review date, reporting duty, records duty, conflict duty, access rights, budget authority, signature authority where applicable, and revocation process.

17.17.2(b) Delegation shall identify prohibited acts, reserved matters, escalation thresholds, required reviews, required approvals, public-safe requirements, data restrictions, AI-use restrictions, cybersecurity obligations, Public Authority reference limits, finance-boundary limits, provider-neutrality rules, sponsor-non-control rules, and correction duties where applicable.

17.17.2(c) Delegation shall specify whether the delegate may approve, recommend, review, implement, sign, publish, release, access, spend, engage, communicate, or escalate.

17.17.2(d) Delegation records shall be maintained in the appropriate register and linked to policies, budgets, Board decisions, committee charters, access records, and correction records.

17.17.2(e) The controlling rule shall be that delegation must be clear enough to prevent authority drift.

***

17.17.3 Delegation Shall Not Include Board-Reserved Matters Unless Lawfully and Expressly Authorized.\
17.17.3(a) Delegation shall not include Board-reserved matters unless lawful, expressly authorized, consistent with the Bylaw, and recorded in a manner that identifies the specific reserved matter and the limits of delegated authority.

17.17.3(b) Board-reserved matters shall remain with the Board unless the Board is legally permitted and has expressly delegated a defined aspect of preparation, review, recommendation, implementation, or limited approval.

17.17.3(c) Delegation to prepare materials, negotiate terms, conduct review, or implement a Board decision shall not constitute delegation to approve the reserved matter itself.

17.17.3(d) Any purported approval of a Board-reserved matter by a person lacking authority shall be held, reviewed, corrected, ratified only where lawful and appropriate, or rescinded.

17.17.3(e) The controlling rule shall be that reserved matters remain reserved unless expressly and lawfully delegated.

***

17.17.4 Delegation Shall Not Permit Prohibited Functions.\
17.17.4(a) Delegation shall not permit any person, committee, Officer, employee, contractor, advisor, council, provider, sponsor, Public Authority participant, National Company, Project SPV, or Nexus participant to perform functions that GCRI Canada itself is prohibited from performing.

17.17.4(b) No delegation shall authorize execution authority, market operation, public authority substitution, emergency command, official public warning, certification by default, finance execution, investment advice, procurement steering, provider preference, sponsor control, public authority approval, or protocol effect beyond GCRI Canada’s lawful role.

17.17.4(c) A delegate shall not use delegated authority to create authority greater than the source authority from which delegation arises.

17.17.4(d) Where delegated activity approaches a prohibited function, the delegate shall stop, narrow, quarantine, escalate, or refuse the activity.

17.17.4(e) The controlling rule shall be that delegation cannot do indirectly what GCRI Canada cannot do directly.

***

17.17.5 Delegation Shall Not Permit Public Authority Substitution.\
17.17.5(a) Delegation shall not permit Public Authority substitution.

17.17.5(b) No delegate may regulate, approve compliance, approve procurement, approve public funding, approve public finance, issue official public warnings, command emergencies, grant permits, create safe harbor, issue public authority guidance, make sovereign commitments, or bind Public Authorities unless acting as a competent Public Authority under separate lawful authority outside GCRI Canada.

17.17.5(c) Delegates managing Public Authority interfaces shall operate within capacity classification, reference approval, non-endorsement language, data contribution records, public-safe review, and boundary controls.

17.17.5(d) Public Authority requests that would require GCRI Canada to act as a Public Authority shall be escalated, declined, redirected, or reframed as evidence support, learning, or technical input.

17.17.5(e) The controlling rule shall be that delegated authority cannot transform GCRI Canada into government.

***

17.17.6 Delegation Shall Not Permit Finance Execution, Investment Advice, Brokerage, Lending, Insurance, Underwriting, Rating, Guarantee, or Public Finance Approval.\
17.17.6(a) Delegation shall not permit finance execution, investment advice, securities advice, securities offering, solicitation, brokerage, finder activity, placement, underwriting, lending, insurance placement, insurance advice, rating, guarantee, credit approval, capital commitment, grant approval, MDB or DFI approval, sovereign finance approval, or public finance approval.

17.17.6(b) Delegates handling capital-reader materials, finance-sensitive information, Project SPV materials, National Company materials, public finance references, insurance references, or GRA interfaces shall apply finance-boundary review, no-reliance language, no-solicitation language, no-advice language, no-rating language, no-guarantee language, no-commitment language, and GRA role preservation.

17.17.6(c) Delegation to discuss evidence with capital readers shall not authorize transaction discussion, recommendation, pricing, structuring, introduction for compensation, underwriting, rating, guarantee, or public finance approval.

17.17.6(d) Any finance-ambiguous delegated activity shall be paused and escalated for legal, GRA, finance-boundary, or Board review.

17.17.6(e) The controlling rule shall be that finance boundaries cannot be delegated away.

***

17.17.7 Delegation Shall Not Permit Certification by Default, Provider Preference, Sponsor Control, or Procurement Steering.\
17.17.7(a) Delegation shall not permit certification by default, provider preference, sponsor control, procurement steering, vendor selection for Public Authorities, public tender advantage, market allocation, or technical status overclaim.

17.17.7(b) Delegates may administer evidence review, technical review, benchmarking, demonstrations, provider participation, sponsor acknowledgment, or public-good technical work only within provider-neutral, sponsor-non-controlling, procurement-safe, and records-valid limits.

17.17.7(c) No delegate may describe a provider, sponsor, host, National Company, Project SPV, technology, software, technical baseline, dashboard, map, dataset, or system as certified, approved, preferred, procurement-ready, public-authority approved, finance-ready, recognized, mature, Nexus-compatible, protocol-conformant, or execution-ready unless proper authority and records support the exact term.

17.17.7(d) Procurement-sensitive delegated activity shall require competition controls, do-not-discuss rules, Public Authority capacity classification, provider-neutrality controls, and public claims review.

17.17.7(e) The controlling rule shall be that delegated operations must not create market advantage by implication.

***

17.17.8 Delegation Shall Include Stop-the-Line and Escalation Duties Where Appropriate.\
17.17.8(a) Delegation shall include stop-the-line and escalation duties where the delegated activity involves public authority interfaces, finance-facing materials, data, AI, cybersecurity, public-safe publication, technical release, controlled technology, protected knowledge, community safeguards, sponsor relationships, provider relationships, public claims, or Nexus interfaces.

17.17.8(b) Stop-the-line duties may require the delegate to pause activity, restrict access, quarantine materials, suspend publication, freeze release, remove public claims, refer to legal review, refer to safeguards review, refer to cybersecurity review, refer to GRA, refer to GRF, refer to Protocol Authority, or escalate to the Board or committee.

17.17.8(c) Delegates shall not be penalized for good-faith stop-the-line action taken to prevent legal, safeguard, public-safe, data, cybersecurity, public authority, finance, procurement, sponsor, provider, protected knowledge, or public trust harm.

17.17.8(d) Stop-the-line action shall be promptly recorded, reviewed, resolved, and closed with corrective action where required.

17.17.8(e) The controlling rule shall be that delegation must empower restraint as well as action.

***

17.17.9 Delegation May Be Suspended, Restricted, or Revoked Where Risk Arises.\
17.17.9(a) Delegation may be suspended, restricted, narrowed, conditioned, reassigned, or revoked where risk arises or where continued delegation is inconsistent with law, Bylaw, policy, mission lock, public-good stack alignment, non-execution, public trust, or Board oversight.

17.17.9(b) Grounds may include authority overreach, conflict, breach, poor performance, failure to keep records, public claims misuse, data misuse, AI misuse, cybersecurity weakness, Public Authority confusion, finance overclaim, provider preference, sponsor influence, protected knowledge risk, legal risk, or failure to escalate.

17.17.9(c) Delegation suspension or revocation shall address access revocation, signature authority removal, credential revocation, repository access removal, materials transfer, records transfer, open matters, public claims correction, and closeout.

17.17.9(d) Where urgent risk exists, interim restriction may occur before final review.

17.17.9(e) The controlling rule shall be that delegated authority is conditional and revocable.

***

17.17.10 Delegation Register and Assurance.\
17.17.10(a) GCRI Canada shall maintain a Delegation Register and Delegation Assurance process.

17.17.10(b) The Delegation Register shall identify delegate, role, authority source, scope, limits, term, budget authority, signature authority, access rights, prohibited acts, reporting obligations, conflict obligations, records obligations, stop-the-line duties, review date, suspension, restriction, revocation, and closeout.

17.17.10(c) Delegation Assurance shall review whether delegations are current, lawful, scoped, necessary, understood, followed, documented, conflict-managed, access-aligned, and consistent with Board-reserved matters.

17.17.10(d) Assurance findings may require delegation amendment, training, access changes, public claims correction, revocation, Board reporting, or policy revision.

17.17.10(e) The controlling rule shall be that delegated authority must be recorded and periodically tested because unreviewed delegation becomes shadow governance.

***

### 17.18 Board Committees

17.18.1 Board Committees as Board-Supporting Structures Created by Charter, Bylaw, Policy, or Board Resolution.\
17.18.1(a) Board Committees shall be Board-supporting structures created by the Charter, Bylaw, Board-approved policy, or Board resolution to assist the Board in governance, oversight, review, recommendation, monitoring, assurance, or limited delegated action.

17.18.1(b) Board Committees shall remain accountable to the Board and shall not operate as independent corporate authorities except within lawful and recorded delegation.

17.18.1(c) Board Committees shall be distinguished from advisory councils, Leadership Councils, Helix Councils, expert panels, working groups, fellows, advisors, staff teams, sponsor groups, provider groups, Public Authority groups, or Nexus-interface groups.

17.18.1(d) Committee creation shall identify why the committee is needed, how it supports Board stewardship, what authority it has, what authority it does not have, and how it reports to the Board.

17.18.1(e) The controlling rule shall be that Board Committees support Board governance and do not replace the Board.

***

17.18.2 Committee Charters Required for Material Committees.\
17.18.2(a) Each Material Committee shall have a Committee Charter or equivalent Board-approved instrument.

17.18.2(b) The Committee Charter shall identify committee name, purpose, authority source, scope, membership, chair, reporting line, delegated powers if any, limits, quorum where applicable, meeting cadence, records, confidentiality, conflicts, recusal, access rights, public claims limits, review cycle, and closeout.

17.18.2(c) The Committee Charter shall identify whether the committee may act, recommend, review, monitor, investigate, approve within limits, or report only.

17.18.2(d) Committee Charters shall include boundary rules for non-execution, Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, data, AI, cybersecurity, protected knowledge, public-safe publication, and correctionability where relevant.

17.18.2(e) The controlling rule shall be that committee authority must be chartered before it is exercised.

***

17.18.3 Committee Purpose, Authority, Membership, Chair, Quorum Where Applicable, Reporting, Records, Conflicts, Confidentiality, and Limits.\
17.18.3(a) Each Committee shall operate within its stated purpose, authority, membership, chair, quorum where applicable, reporting duties, records duties, conflict rules, confidentiality rules, access limits, and authority limits.

17.18.3(b) Committee membership shall be appropriate to the committee’s mandate, risk profile, independence needs, expertise needs, legal constraints, confidentiality needs, data sensitivity, cybersecurity sensitivity, Public Authority sensitivity, finance sensitivity, protected knowledge sensitivity, and public trust implications.

17.18.3(c) Committee chairs shall ensure that agendas, materials, conflicts, recusals, minutes, recommendations, decisions, and reports comply with the Committee Charter and Board requirements.

17.18.3(d) Committee reporting to the Board shall identify matters reviewed, decisions taken within delegated authority, recommendations, risks, dissent, unresolved matters, corrective actions, and matters requiring Board decision.

17.18.3(e) The controlling rule shall be that committees must operate as disciplined governance instruments.

***

17.18.4 Committees May Recommend, Review, Monitor, or Act Within Delegated Authority Only.\
17.18.4(a) Committees may recommend, review, monitor, investigate, assure, or act only within delegated authority.

17.18.4(b) A committee recommendation shall not become Board approval unless adopted by the Board or otherwise authorized under lawful delegation.

17.18.4(c) Committee review shall not create public approval, publication authority, certification, recognition, finance-readiness, Public Authority approval, procurement approval, provider preference, sponsor validation, protocol effect, or execution authority unless the committee has express lawful authority and proper records for the specific effect.

17.18.4(d) Committees shall escalate matters beyond scope, beyond delegation, involving Board-reserved matters, or creating high-risk boundary issues.

17.18.4(e) The controlling rule shall be that committee authority is derivative and limited.

***

17.18.5 Committees Shall Not Exercise Prohibited Functions.\
17.18.5(a) Committees shall not exercise prohibited functions.

17.18.5(b) No Committee shall regulate, procure for Public Authorities, approve public funding, approve public finance, issue official public warnings, command emergencies, certify technologies by default, provide investment advice, solicit securities, broker transactions, underwrite insurance, rate credit, guarantee outcomes, operate market infrastructure, control National Companies, control Project SPVs, create provider preference, grant sponsor control, or execute downstream activity.

17.18.5(c) Committees shall not substitute for GRF, GRA, Protocol Authority, Public Authorities, execution actors, licensed professionals, or regulated intermediaries.

17.18.5(d) A committee encountering prohibited-function risk shall stop, narrow, route, escalate, or recommend refusal.

17.18.5(e) The controlling rule shall be that committee structure cannot expand GCRI Canada’s institutional authority.

***

17.18.6 Committees Shall Not Replace the Board on Board-Reserved Matters Unless Lawfully Authorized.\
17.18.6(a) Committees shall not replace the Board on Board-reserved matters unless lawful, expressly authorized, and recorded.

17.18.6(b) Committees may prepare, review, recommend, monitor, or assure Board-reserved matters but shall not approve them unless the Bylaw and Board delegation lawfully permit such authority.

17.18.6(c) Any committee action touching Charter amendment, Bylaw amendment, major strategy, annual budget, material funding, major policy, major technical release, high-risk Public Authority matter, high-risk finance-boundary matter, high-risk protected knowledge matter, structural change, or dissolution shall be reviewed against Board-reserved matter rules.

17.18.6(d) Unauthorized committee action on a reserved matter shall be held, reviewed, corrected, ratified only where lawful and appropriate, or rescinded.

17.18.6(e) The controlling rule shall be that Board-reserved authority cannot be displaced by committee convenience.

***

17.18.7 Committees May Include Directors and, Where Lawful and Appropriate, Officers, Staff, Advisors, Technical Experts, Community Advisors, or External Experts.\
17.18.7(a) Committees may include Directors and, where lawful and appropriate, Officers, staff, advisors, technical experts, safeguards experts, community advisors, public authority context experts, data experts, AI experts, cybersecurity experts, research experts, legal advisors, finance-boundary advisors, or other external experts.

17.18.7(b) Non-Director participants in committees shall be role-classified, conflict-reviewed, confidentiality-bound, access-controlled, and subject to public claims limits.

17.18.7(c) Non-Director participation shall not create Board membership, fiduciary authority, voting authority, committee authority, or corporate authority unless lawful and expressly recorded.

17.18.7(d) Where non-Director experts participate in sensitive matters, the committee shall define access, attribution, non-attribution, publication limits, data handling, AI-use limits, cybersecurity obligations, and closeout.

17.18.7(e) The controlling rule shall be that expertise may inform committee work without becoming Board authority.

***

17.18.8 Committee Records, Minutes, Recommendations, Decisions, Conflicts, Recusals, and Corrections.\
17.18.8(a) Committees shall maintain records, minutes, recommendations, decisions within delegated authority, conflict disclosures, recusal records, dissent records, materials reviewed, action items, corrective actions, and closeout records proportionate to their mandate.

17.18.8(b) Committee records shall identify meeting date, participants, capacity, authority, quorum where applicable, materials, matters reviewed, conflicts, recusals, decisions, recommendations, conditions, implementation owner, reporting obligation, public-safe status, and correction path.

17.18.8(c) Sensitive committee materials shall be handled through controlled annexes, restricted records, legal files, executive-session records, or other secure means where appropriate.

17.18.8(d) Committee records may be corrected, clarified, superseded, withdrawn, or reclassified where inaccurate, incomplete, unsupported, unsafe, unauthorized, or misleading.

17.18.8(e) The controlling rule shall be that committee work must be records-valid because it supports Board authority.

***

17.18.9 Committee Charter Review and Renewal.\
17.18.9(a) Committee Charters shall be reviewed periodically and renewed, amended, suspended, consolidated, or dissolved where necessary.

17.18.9(b) Review shall assess continuing need, authority, scope, membership, independence, conflicts, performance, reporting quality, records quality, access controls, public-safe status, risk alignment, Board-reserved matter compliance, and correction history.

17.18.9(c) Committees that are inactive, duplicative, unclear, captured, overbroad, under-recorded, or misaligned with mission lock shall be corrected, rechartered, suspended, consolidated, or dissolved.

17.18.9(d) Material charter amendments shall be approved by the Board and deposited in the authoritative repository.

17.18.9(e) The controlling rule shall be that committees must remain fit for purpose and cannot persist as stale authority surfaces.

***

17.18.10 Committee Register and Assurance.\
17.18.10(a) GCRI Canada shall maintain a Committee Register and Committee Assurance process.

17.18.10(b) The Committee Register shall identify committee name, authority source, charter, members, chair, purpose, delegated powers, limits, meeting cadence, reporting line, conflicts, confidentiality status, access rights, records location, review cycle, amendments, suspensions, dissolution, and closeout.

17.18.10(c) Committee Assurance shall review whether committees remain lawful, chartered, necessary, properly composed, conflict-managed, records-valid, effective, within delegation, and aligned with mission lock.

17.18.10(d) Assurance findings may require charter amendment, membership change, training, access restriction, reporting change, correction, suspension, dissolution, or Board action.

17.18.10(e) The controlling rule shall be that committees require registers and assurance because delegated governance can otherwise become invisible governance.

***

### 17.19 Governance and Nominating Committee

17.19.1 Governance and Nominating Committee Purpose.\
17.19.1(a) The Governance and Nominating Committee, where established, shall support the Board in Board composition, Director recruitment, eligibility review, independence review, conflicts review, succession, onboarding, governance policy review, Charter–Bylaw alignment, committee structure, governance literacy, fiduciary training, mission-lock oversight, legal-separateness oversight, Public-Good Stack oversight, and non-execution governance review.

17.19.1(b) The Committee shall be advisory and recommending unless the Board expressly delegates specific authority consistent with law, Bylaw, and Board-reserved matter rules.

17.19.1(c) The Committee shall help ensure that GCRI Canada’s governance architecture remains fit for its Canadian public-benefit, non-executing, evidence-and-methods, public-good technical institution role.

17.19.1(d) The Committee shall not become a shadow Board, founder control mechanism, sponsor control mechanism, provider influence mechanism, Public Authority substitute, or executive management body.

17.19.1(e) The controlling rule shall be that the Committee protects governance capacity, independence, continuity, renewal, and mission fidelity.

***

17.19.2 Board Composition, Skills Matrix, Recruitment, Succession, Onboarding, Renewal, and Evaluation.\
17.19.2(a) The Governance and Nominating Committee shall support Board composition, skills matrix development, Director recruitment, succession planning, onboarding, renewal, and evaluation.

17.19.2(b) The Committee shall assess Board needs across Canadian nonprofit governance, legal compliance, fiduciary duty, public-benefit strategy, risk governance, evidence governance, research integrity, AI, data, cybersecurity, public-safe publication, technical asset stewardship, Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, community safeguards, protected knowledge, and Nexus role separation.

17.19.2(c) Recruitment and renewal shall avoid tokenism, founder overconcentration, sponsor overrepresentation, provider overrepresentation, Public Authority confusion, capital overinfluence, technical monoculture, and stakeholder imbalance.

17.19.2(d) Onboarding shall include mission lock, non-execution, public-good stack alignment, validity-by-record, correctionability, conflicts, fiduciary duty, public authority boundaries, finance boundaries, data, AI, cybersecurity, protected knowledge, and public-safe claims discipline.

17.19.2(e) The controlling rule shall be that Board composition must be actively governed, not left to prestige, proximity, or convenience.

***

17.19.3 Director Eligibility, Independence, Conflicts, and Good Standing Review.\
17.19.3(a) The Governance and Nominating Committee shall support Director eligibility, independence, conflicts, and good-standing review.

17.19.3(b) The Committee shall review prospective and continuing Directors for legal eligibility, mission fit, independence, conflicts, reputation, capacity, fiduciary readiness, time commitment, public trust risk, sanctions or restricted-party risk where appropriate, and ability to exercise independent judgment.

17.19.3(c) The Committee shall recommend mitigation, recusal, access restriction, committee reassignment, training, requalification, non-renewal, suspension where lawful, or removal where lawful and appropriate.

17.19.3(d) The Committee shall ensure that conflicts and independence concerns are recorded and linked to Board decisions, committee assignments, access rights, and public references.

17.19.3(e) The controlling rule shall be that Director eligibility and independence require continuing review.

***

17.19.4 Governance Policy Review.\
17.19.4(a) The Governance and Nominating Committee shall support review of governance policies, procedures, schedules, charters, delegation instruments, Board processes, committee processes, and governance registers.

17.19.4(b) Governance policy review shall assess legality, Bylaw consistency, Charter consistency, mission lock, non-execution, public-good stack alignment, independence, conflicts, records discipline, public-safe publication, data governance, cybersecurity, Public Authority boundaries, finance boundaries, sponsor non-control, provider neutrality, protected knowledge, and correctionability.

17.19.4(c) The Committee shall recommend adoption, amendment, supersession, withdrawal, retirement, or corrective action for governance instruments where needed.

17.19.4(d) Governance policies shall not be allowed to become stale, inconsistent, unrecorded, unclear, or disconnected from actual practice.

17.19.4(e) The controlling rule shall be that governance instruments must remain living safeguards, not archived intentions.

***

17.19.5 Charter–Bylaw Alignment Review.\
17.19.5(a) The Governance and Nominating Committee shall support Charter–Bylaw alignment review.

17.19.5(b) Alignment review shall assess whether the Charter, Bylaw, articles where applicable, Board resolutions, policies, committee charters, delegation instruments, and operating practices remain legally consistent, procedurally compatible, mission-faithful, and records-valid.

17.19.5(c) Where Charter language, Bylaw language, policy language, or practice appears to conflict, the Committee shall recommend legal review, governance review, interpretation, amendment, supersession, or corrective action.

17.19.5(d) Alignment review shall preserve the rule that the Bylaw controls corporate mechanics where required, while the Charter guides mission interpretation, role separation, non-execution, public-good alignment, and institutional meaning where consistent with law and Bylaw.

17.19.5(e) The controlling rule shall be that constitutional coherence requires periodic alignment review.

***

17.19.6 Committee and Council Structure Review.\
17.19.6(a) The Governance and Nominating Committee shall support review of Board committees, advisory councils, Leadership Councils, Helix Councils, panels, working groups, fellow structures, technical groups, public authority learning groups, safeguards groups, and other advisory or participatory structures.

17.19.6(b) Review shall assess purpose, authority, scope, composition, conflicts, independence, records, reporting, public references, access rights, output status, public claims risk, sponsor influence, provider influence, Public Authority implications, finance implications, and closeout.

17.19.6(c) The Committee shall recommend creation, amendment, rechartering, consolidation, suspension, dissolution, or correction where structures are unclear, duplicative, stale, captured, overbroad, under-recorded, or misdescribed.

17.19.6(d) Advisory and participatory structures shall not be allowed to become shadow governance or public authority substitutes.

17.19.6(e) The controlling rule shall be that governance architecture must remain clear enough that authority cannot hide in structure.

***

17.19.7 Fiduciary Training and Governance Literacy.\
17.19.7(a) The Governance and Nominating Committee shall support fiduciary training and governance literacy for Directors and, where appropriate, Officers, committee members, advisors, council participants, and major participants.

17.19.7(b) Training shall address fiduciary duty, public-benefit purpose, nonprofit status, mission lock, non-execution, public-good stack alignment, legal separateness, Board-reserved matters, delegation, conflicts, private benefit, records discipline, correctionability, public authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, protected knowledge, data, AI, cybersecurity, controlled vocabulary, and public claims.

17.19.7(c) Training shall be refreshed where law changes, governance instruments change, Board composition changes, major risk changes, assurance findings require it, or material incidents occur.

17.19.7(d) Training records shall be maintained and linked to Director eligibility, committee participation, delegation, and assurance.

17.19.7(e) The controlling rule shall be that governance literacy is a continuing duty, not a one-time orientation.

***

17.19.8 Mission Lock, Legal Separateness, Public-Good Stack, and Non-Execution Governance Review.\
17.19.8(a) The Governance and Nominating Committee shall support review of mission lock, legal separateness, Public-Good Stack alignment, One Rail / Two Stacks discipline, Public-Good Firewall, and non-execution governance.

17.19.8(b) Review shall assess whether Board composition, committee structure, delegations, policies, funding arrangements, sponsor relationships, provider relationships, Public Authority interfaces, capital-reader interfaces, National Company interfaces, Project SPV interfaces, and Nexus interfaces preserve GCRI Canada’s role.

17.19.8(c) The Committee shall identify governance drift, role ambiguity, informal authority, founder dependency, sponsor capture, provider capture, Public Authority confusion, finance drift, execution drift, and correction gaps.

17.19.8(d) The Committee shall recommend corrective actions, including role clarification, delegation revision, committee redesign, policy amendment, public-safe notice, controlled notice, records correction, or Board escalation.

17.19.8(e) The controlling rule shall be that governance review must protect the institution’s boundaries before those boundaries are tested publicly.

***

17.19.9 Governance Corrective Actions and Board Recommendations.\
17.19.9(a) The Governance and Nominating Committee shall recommend governance corrective actions to the Board where governance gaps, independence concerns, conflicts, committee failures, delegation gaps, Board composition issues, records deficiencies, public claims risks, mission-lock risks, or Charter–Bylaw alignment issues are identified.

17.19.9(b) Corrective actions may include Board recruitment, Director training, conflict mitigation, recusal, independence review, committee rechartering, delegation revision, policy amendment, register correction, records remediation, public claims correction, public-safe notice, controlled notice, or legal review.

17.19.9(c) Recommendations shall identify the issue, authority source, risk, options, proposed action, responsible owner, timeline, record update, public-safe implication, and correction path.

17.19.9(d) Material corrective actions shall be tracked until verified and closed.

17.19.9(e) The controlling rule shall be that governance assurance must lead to governance repair.

***

17.19.10 Governance and Nominating Committee Records.\
17.19.10(a) GCRI Canada shall maintain Governance and Nominating Committee records.

17.19.10(b) Records shall include committee charter, membership, meetings, materials, recommendations, Director eligibility reviews, skills matrix, recruitment records, succession records, onboarding records, evaluation records, conflict reviews, independence reviews, Charter–Bylaw alignment reviews, governance policy reviews, committee structure reviews, training records, corrective actions, and Board reports.

17.19.10(c) Records shall identify confidentiality, privacy, public-safe status, legal review where applicable, access limits, owner, custodian, review cycle, and correction path.

17.19.10(d) Sensitive Director, candidate, conflict, independence, conduct, or legal records shall be handled with appropriate confidentiality and legal review.

17.19.10(e) The controlling rule shall be that governance review must itself be recorded, confidential where required, and correctionable.

***

### 17.20 Finance, Audit, and Internal Controls Committee

17.20.1 Finance, Audit, and Internal Controls Committee Purpose.\
17.20.1(a) The Finance, Audit, and Internal Controls Committee, where established, shall support the Board in financial stewardship, budget oversight, accounts, financial reporting, audit or review engagement, restricted funds, grants, donations, sponsorships, in-kind contributions, reserves, internal controls, anti-inurement, private benefit, compensation, related-party controls, financial risk, insurance, continuity, and finance-boundary discipline.

17.20.1(b) The Committee shall protect GCRI Canada’s nonprofit, non-share, non-distributing, public-benefit, non-executing character and shall ensure that financial sustainability does not become commercial drift, sponsor control, provider preference, pay-to-play, private benefit, finance execution, or public authority access purchase.

17.20.1(c) The Committee shall be advisory and recommending unless the Board expressly delegates specific authority consistent with law, Bylaw, budget, policies, and Board-reserved matter rules.

17.20.1(d) The Committee shall not provide investment advice, securities advice, public finance approval, lending approval, insurance approval, rating, guarantee, underwriting, brokerage, or GRA finance-readiness determinations.

17.20.1(e) The controlling rule shall be that financial oversight protects mission, independence, and lawful stewardship.

***

17.20.2 Budget, Accounts, Financial Statements, Audit or Review Engagement, Restricted Funds, Grants, Donations, Sponsorships, In-Kind Contributions, Reserves, and Fiscal Controls.\
17.20.2(a) The Finance, Audit, and Internal Controls Committee shall review budget, accounts, financial statements, audit or review engagement where applicable, accounting policies, restricted funds, grants, donations, sponsorships, in-kind contributions, reserves, fiscal controls, and financial reporting.

17.20.2(b) Budget review shall assess whether proposed revenues and expenditures are lawful, mission-compatible, public-benefit-aligned, non-controlling, properly restricted, adequately documented, and consistent with Board-approved priorities.

17.20.2(c) Restricted funds, grants, sponsorships, donations, and in-kind contributions shall be reviewed for purpose restrictions, donor or sponsor conditions, reporting obligations, unused fund treatment, public acknowledgment, conflicts, private benefit, data implications, technical dependency, and correction path.

17.20.2(d) Fiscal controls shall address authorization, segregation of duties, payment controls, reimbursement controls, procurement controls, contract controls, financial reporting, reserve management, restricted fund tracking, and record retention.

17.20.2(e) The controlling rule shall be that money, assets, and restrictions must be governed as mission-sensitive inputs.

***

17.20.3 Anti-Inurement, Private Benefit, Related-Party, Compensation, and Procurement Controls.\
17.20.3(a) The Finance, Audit, and Internal Controls Committee shall support anti-inurement, private benefit, related-party, compensation, reimbursement, stipend, contractor payment, fellow payment, advisor payment, procurement, and benefit controls.

17.20.3(b) The Committee shall review arrangements involving Directors, Officers, members where applicable, staff, contractors, fellows, advisors, sponsors, donors, funders, providers, hosts, related parties, National Companies, Project SPVs, and private persons for reasonableness, mission fit, conflicts, fair value where applicable, private benefit, and records.

17.20.3(c) Compensation and benefits shall be reasonable, documented, conflict-managed, approved by proper authority, and consistent with nonprofit and public-benefit obligations.

17.20.3(d) Procurement controls shall prevent conflicts, private benefit, provider preference, sponsor influence, market allocation, bid steering, unrecorded selection, and use of GCRI Canada resources for private advantage.

17.20.3(e) The controlling rule shall be that financial controls must prevent mission resources from becoming private benefit.

***

17.20.4 Tax, Nonprofit, Charitable-Status-Compatibility Where Applicable, and Filing Oversight.\
17.20.4(a) The Finance, Audit, and Internal Controls Committee shall support oversight of tax, nonprofit, non-share, non-distribution, public-benefit, charitable-status-compatibility where applicable, corporate filings, financial filings, grant filings, payroll filings, reporting obligations, and other financial compliance matters.

17.20.4(b) Where GCRI Canada is non-charitable unless lawfully changed, the Committee shall ensure that financial practices, public communications, donor materials, grant materials, sponsorship materials, receipts, acknowledgments, and filings do not misstate charitable status.

17.20.4(c) The Committee shall review filings for accuracy, timeliness, authority, financial consistency, restricted fund treatment, public-benefit consistency, and correction needs.

17.20.4(d) Tax or status-sensitive matters shall be escalated for legal or accounting review where risk exists.

17.20.4(e) The controlling rule shall be that legal status must be accurately reflected in financial practice and public communication.

***

17.20.5 Financial Risk, Insurance, Continuity, and Internal Control Oversight.\
17.20.5(a) The Finance, Audit, and Internal Controls Committee shall support oversight of financial risk, insurance, reserves, liquidity, continuity, fraud prevention, internal controls, business continuity, disaster recovery funding, grant dependency, sponsor dependency, provider dependency, platform dependency, and key-person financial risk.

17.20.5(b) Financial risk review shall consider revenue concentration, restricted fund constraints, unfunded obligations, contingent liabilities, contract exposure, currency exposure where applicable, cyber incident costs, data breach costs, legal risk, insurance coverage, and continuity reserves.

17.20.5(c) Insurance oversight shall consider appropriate coverage for directors and officers, cyber, privacy, professional liability where relevant, general liability, employment, events, property, and other risk areas without implying that GCRI Canada provides insurance or guarantees to others.

17.20.5(d) Internal controls shall be reviewed for effectiveness, fraud risk, payment integrity, access to financial systems, approval thresholds, documentation, and auditability.

17.20.5(e) The controlling rule shall be that financial resilience must support public-good continuity without inviting financial-services drift.

***

17.20.6 Sponsorship, Grant, and Donation Independence Review.\
17.20.6(a) The Finance, Audit, and Internal Controls Committee shall support sponsorship, grant, donation, restricted fund, and in-kind support independence review.

17.20.6(b) Independence review shall assess whether support creates or appears to create sponsor control, donor control, funder control, outcome purchase, publication suppression, public authority access purchase, provider preference, finance signaling, protected knowledge access, data access, technical asset control, or correction suppression.

17.20.6(c) Support agreements shall be reviewed for permitted use, prohibited use, acknowledgment rights, reporting obligations, public claims limits, confidentiality, data implications, IP implications, termination rights, return obligations, and correction path.

17.20.6(d) The Committee may recommend acceptance, rejection, narrowing, restriction, segregation, return, suspension, termination, or amendment of support where independence requires.

17.20.6(e) The controlling rule shall be that funds may support mission but must not direct truth.

***

17.20.7 Finance-Boundary Controls for GRA Inputs, Capital-Reader Rooms, and Public Finance References.\
17.20.7(a) The Finance, Audit, and Internal Controls Committee shall support finance-boundary controls for GRA inputs, capital-reader rooms, finance-sensitive materials, public finance references, National Company references, Project SPV references, insurance references, grant references, MDB or DFI references, and capital-readability materials.

17.20.7(b) The Committee shall help ensure that GCRI Canada materials are not used as investment advice, securities offering, solicitation, brokerage, finder activity, placement, underwriting, lending, insurance placement, rating, guarantee, capital commitment, grant approval, MDB or DFI approval, sovereign finance approval, or public finance approval.

17.20.7(c) GRA interfaces shall preserve the role of The Global Risks Alliance (GRA) and distinguish GCRI Canada’s upstream evidence inputs from GRA finance-readiness outputs where applicable.

17.20.7(d) Capital-reader and public finance materials shall include appropriate no-reliance, no-advice, no-solicitation, no-rating, no-guarantee, no-commitment, no-approval, no-public-authority-approval, and no-execution language.

17.20.7(e) The controlling rule shall be that financial literacy and evidence routing shall remain distinct from financial authority.

***

17.20.8 Audit Findings, Management Letters, Corrective Actions, and Board Reporting.\
17.20.8(a) The Finance, Audit, and Internal Controls Committee shall review audit findings, review engagement findings, management letters, internal control findings, financial compliance findings, restricted fund findings, fraud findings, compensation findings, related-party findings, sponsorship findings, grant findings, and corrective actions.

17.20.8(b) The Committee shall ensure that findings are classified, assigned, corrected, verified, and reported to the Board as appropriate.

17.20.8(c) Corrective actions shall identify owner, custodian, root cause, required action, deadline, record update, control update, training update, financial adjustment, public-safe implication, and closeout.

17.20.8(d) Material findings involving fraud, private benefit, financial misstatement, restricted fund misuse, sponsorship control, provider preference, public authority access purchase, finance-boundary breach, or legal noncompliance shall be escalated promptly.

17.20.8(e) The controlling rule shall be that financial assurance must lead to financial correction and Board visibility.

***

17.20.9 Fiscal Records, Restricted Fund Records, and Assurance.\
17.20.9(a) GCRI Canada shall maintain fiscal records, restricted fund records, sponsorship records, donation records, grant records, in-kind contribution records, contract records, compensation records, reimbursement records, reserve records, internal control records, audit records, and assurance records.

17.20.9(b) Records shall identify source, amount or value where applicable, purpose, restriction, authority, approval, conflict review, private benefit review, reporting obligation, public acknowledgment, expenditure, balance, unused fund treatment, return obligation, correction path, and closeout.

17.20.9(c) Fiscal assurance shall review whether funds and assets are properly received, restricted, used, recorded, reported, acknowledged, retained, corrected, and closed.

17.20.9(d) Fiscal records shall be retained, secured, classified, archived, and subject to legal hold where required.

17.20.9(e) The controlling rule shall be that financial stewardship must be auditable from receipt through use and closeout.

***

17.20.10 Finance, Audit, and Internal Controls Committee Records.\
17.20.10(a) GCRI Canada shall maintain Finance, Audit, and Internal Controls Committee records.

17.20.10(b) Records shall include committee charter, membership, meetings, materials, financial reports, budgets, financial statements, audit or review engagement materials, management letters, restricted fund reports, grant reports, sponsorship reviews, donation reviews, in-kind contribution reviews, internal control reviews, related-party reviews, compensation reviews, insurance reviews, continuity reviews, corrective actions, and Board reports.

17.20.10(c) Records shall identify confidentiality, legal privilege where applicable, access limits, owner, custodian, review cycle, public-safe status, and correction path.

17.20.10(d) Sensitive financial, donor, sponsor, payroll, related-party, legal, audit, or internal-control materials shall be handled with appropriate confidentiality and access restriction.

17.20.10(e) The controlling rule shall be that finance committee oversight must be recorded because financial integrity is a public-benefit trust condition.

### 17.21 Evidence, Methods, and Technical Truth Committee

17.21.1 Evidence, Methods, and Technical Truth Committee Purpose.\
17.21.1(a) The Evidence, Methods, and Technical Truth Committee, where established, shall support the Board in the oversight of GCRI Canada’s evidence doctrine, method discipline, observability methods, ontology, controlled vocabulary, technical baselines, Nexus Truth Engine Methods, Nexus Observatory Methods, evidence quality, technical truth, and correctionability.

17.21.1(b) The Committee shall assist the Board in ensuring that GCRI Canada remains an upstream evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, Open Technical Baselines, Nexus Truth Engine Methods, and Nexus Observatory Methods steward, and does not drift into recognition, finance-readiness, certification, public authority decision-making, procurement, provider preference, sponsor control, public warning, emergency command, protocol authority, market operation, or execution.

17.21.1(c) The Committee shall review, monitor, recommend, and assure evidence and methods matters within its Board-approved charter and shall not issue public-facing legitimacy, recognition, maturity status, finance-readiness, insurance-readiness, certification, protocol effect, Public Authority approval, procurement approval, or execution authority.

17.21.1(d) The Committee shall operate as a Board-supporting technical governance body, not as an independent scientific authority, regulator, certification body, standards authority, finance-readiness body, public authority, provider-selection body, or execution actor.

17.21.1(e) The controlling rule shall be that the Committee protects technical truth as evidence and method, not as downstream authority.

***

17.21.2 Evidence Doctrine, Evidence Quality, Source Lineage, Confidence, Uncertainty, Fitness-for-Purpose, and Correction.\
17.21.2(a) The Committee shall support Board oversight of evidence doctrine, evidence quality, source lineage, confidence, uncertainty, limitations, fitness-for-purpose, evidence classification, handling class, access class, public-safe status, and correction paths.

17.21.2(b) Evidence quality review shall consider completeness, accuracy, timeliness, relevance, calibration, provenance, custody, source integrity, reproducibility where appropriate, method integrity, data quality, source limitations, bias, missingness, uncertainty, dependency risk, and fitness for the intended institutional purpose.

17.21.2(c) Evidence records shall identify source lineage, authority basis, owner, custodian, creator, date, version, classification, public-safe status, confidence, uncertainty, limitations, dependencies, permitted use, prohibited use, review status, and correction path.

17.21.2(d) The Committee shall ensure that evidence is not overstated, marketed, translated, summarized, visualized, or transferred in a manner that exceeds its records, methods, confidence level, review status, public-safe status, or authority source.

17.21.2(e) Evidence error, source error, method error, outdated evidence, unsupported evidence, unsafe evidence, misleading evidence, or overbroad interpretation shall trigger correction, reclassification, downgrade, suspension, supersession, withdrawal, retraction, or other appropriate correction state.

17.21.2(f) The controlling rule shall be that evidence must remain traceable, limitation-aware, confidence-aware, and correctable.

***

17.21.3 Methods Stewardship, Method Versioning, Method Review, Method Challenge, and Method Supersession.\
17.21.3(a) The Committee shall support stewardship of GCRI Canada’s methods, method libraries, method records, evaluation logic, benchmarking logic, reproducibility logic, review gates, challenge pathways, and supersession processes.

17.21.3(b) Methods shall be versioned, documented, reviewable, challengeable, reproducible where lawful and appropriate, fit for purpose, limitation-aware, dependency-aware, public-safe where released, and linked to evidence records, source records, dataset records, model records, software records, publication records, and correction records where applicable.

17.21.3(c) Method review shall assess purpose, scope, assumptions, data requirements, source requirements, confidence treatment, uncertainty treatment, benchmark design, evaluation harness, reproducibility, peer or expert review, legal boundaries, public-safe status, safeguards, AI use, cybersecurity implications, and correction path.

17.21.3(d) Method challenge may arise from internal reviewers, external experts, Public Authorities, communities, researchers, providers, civil society actors, technical contributors, or other participants, but challenge shall not itself amend the method unless adopted through proper authority and record.

17.21.3(e) Method supersession shall identify the replaced method, replacement method, effective date, transition notes, backward compatibility, affected evidence records, affected publications, affected dashboards, affected maps, affected datasets, affected technical baselines, and downstream dependencies.

17.21.3(f) The controlling rule shall be that methods must evolve through records, review, challenge, and supersession, not silent practice.

***

17.21.4 Observability Methods, Nexus Observatory Methods, Nexus Truth Engine Methods, and Technical Baselines.\
17.21.4(a) The Committee shall support oversight of observability methods, Nexus Observatory Methods, Nexus Truth Engine Methods, Open Technical Baselines, reference architectures, evidence rails, technical validation logic, and public-good technical reference systems.

17.21.4(b) Observability methods may involve sensors, telemetry, AI-RAN, O-RAN, private wireless, DePIN records, cyber logs, Earth observation, satellite systems, geospatial systems, digital twins, dashboards, public authority inputs, community inputs, provider systems, field evidence, and degraded-mode awareness.

17.21.4(c) Nexus Truth Engine Methods shall be treated as governed evidence structuring, source-lineage, confidence, uncertainty, challengeability, verifiable compute, verifiable intelligence, and correction methods, not as autonomous authority or self-executing truth.

17.21.4(d) Technical baselines shall be reviewed for method basis, evidence basis, versioning, interoperability, public-safe status, security, privacy, export-control sensitivity, controlled technology risk, IP, licensing, provider neutrality, sponsor non-control, and correctionability.

17.21.4(e) The Committee shall ensure that observability outputs, Truth Engine outputs, technical baselines, dashboards, AI outputs, digital twins, proof receipts, blockchain anchors, confidence scores, or automated indicators are not treated as official public warnings, Public Authority decisions, finance-readiness, certification, procurement approval, provider preference, sponsor validation, protocol effect, or execution instruction by default.

17.21.4(f) The controlling rule shall be that technical observability and truth methods make evidence more legible without making GCRI Canada an authority of consequence.

***

17.21.5 Ontology, Controlled Vocabulary, Semantic Interoperability, and External Standards Mapping.\
17.21.5(a) The Committee shall support oversight of ontology, controlled vocabulary, semantic interoperability, taxonomies, schemas, data dictionaries, evidence classes, maturity concepts, public-safe terminology, and external standards mapping.

17.21.5(b) Controlled vocabulary shall govern material terms whose misuse may create legal, public authority, finance, recognition, certification, protocol, procurement, provider, sponsor, public-safe, Nexus, or execution implication.

17.21.5(c) Terms such as verified, validated, recognized, certified, approved, official, public-safe, finance-ready, insurance-ready, investment-ready, procurement-ready, mature, docketed, gridded, Nexus-compatible, protocol-conformant, proof, truth, confidence, readiness, trusted, secure, adopted, public authority, and equivalent terms shall be used only within defined meaning and proper authority.

17.21.5(d) External standards mapping shall be treated as comparative evidence, interoperability support, or learning material unless a competent standards or protocol authority creates legal or protocol effect through proper records.

17.21.5(e) The Committee shall review semantic drift, translation drift, localization divergence, public claims inflation, sponsor or provider rewording, public authority over-attribution, and finance-signaling through ambiguous terminology.

17.21.5(f) The controlling rule shall be that language governing technical truth is itself a governance control.

***

17.21.6 Evidence Inputs to GRF, GRA, Protocol Authority, Public Authorities, National Companies, Project SPVs, Providers, and Hosts.\
17.21.6(a) The Committee shall support oversight of evidence inputs provided to The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards / Protocol Authority, Public Authorities, Nexus entities, National Consortium Companies, Project SPVs, providers, hosts, universities, communities, sponsors, and capital readers.

17.21.6(b) Evidence inputs to GRF shall remain evidence inputs and shall not constitute GRF recognition, standing, maturity records, registry status, claims determinations, stakeholder-formation determinations, public-safe reporting authority, or public-facing legitimacy by GCRI Canada.

17.21.6(c) Evidence inputs to GRA shall remain upstream evidence, method, source-lineage, data quality, technical baseline, observability, or public-safe inputs and shall not constitute finance-readiness, capital-readiness, insurance-readiness, routeability, investment advice, lending approval, underwriting approval, rating, guarantee, public finance approval, or capital commitment by GCRI Canada.

17.21.6(d) Evidence inputs to Protocol Authority shall remain technical evidence and method support and shall not constitute protocol conformance, role keys, smart licenses, entitlement states, proof-receipt authority, or protocol effect by GCRI Canada.

17.21.6(e) Evidence inputs to Public Authorities, National Companies, Project SPVs, providers, and hosts shall be bounded by source authority, public-safe status, Public Authority boundary language, finance-boundary language, procurement-neutrality language, provider-neutrality language, sponsor non-control language, limitations, and correction path.

17.21.6(f) The controlling rule shall be that evidence may travel, but authority does not travel silently with it.

***

17.21.7 Technical Truth Boundary Language and No-Authority Rule.\
17.21.7(a) The Committee shall support the development, review, and correction of technical truth boundary language and the no-authority rule for evidence, methods, technical baselines, observability outputs, Truth Engine outputs, dashboards, maps, datasets, software releases, and public-safe summaries.

17.21.7(b) Boundary language shall state, where applicable, that materials do not constitute recognition, maturity status, certification, finance-readiness, insurance-readiness, investment advice, securities solicitation, brokerage, underwriting, lending, rating, guarantee, public finance approval, public authority approval, procurement approval, public warning, emergency command, provider preference, sponsor validation, protocol effect, or execution authority.

17.21.7(c) No-authority language shall be proportionate to audience, publication class, risk, Public Authority involvement, finance sensitivity, provider involvement, sponsor involvement, technical maturity, public-safe status, and likelihood of misuse.

17.21.7(d) Technical truth boundary language shall not be buried, contradicted by marketing language, removed in summaries, diluted in translations, or displaced by sponsor or provider claims.

17.21.7(e) The controlling rule shall be that technical truth must be accompanied by clear limits on what it does not authorize.

***

17.21.8 Evidence Rail Assurance and Corrective Actions.\
17.21.8(a) The Committee shall support Evidence Rail Assurance to test whether evidence, methods, observability, ontology, controlled vocabulary, technical baselines, Truth Engine Methods, Observatory Methods, and related outputs remain accurate, records-valid, public-safe, role-separated, and correctionable.

17.21.8(b) Evidence Rail Assurance shall review source lineage, evidence classification, method versioning, data quality, confidence treatment, uncertainty treatment, limitations, source permissions, public-safe status, controlled vocabulary use, downstream dependencies, and correction records.

17.21.8(c) Assurance shall identify missing records, stale evidence, unsupported claims, method drift, vocabulary drift, overbroad public claims, public authority ambiguity, finance overclaim, certification overclaim, provider preference, sponsor influence, public-safe gaps, and correction failures.

17.21.8(d) Corrective actions may include record correction, evidence reclassification, method review, method supersession, public-safe notice, controlled notice, publication correction, dashboard correction, map correction, dataset correction, technical baseline correction, access restriction, or Board escalation.

17.21.8(e) The controlling rule shall be that evidence rail integrity must be tested and repaired before error becomes institutional meaning.

***

17.21.9 Evidence, Methods, Technical Truth Registers and Records.\
17.21.9(a) GCRI Canada shall maintain Evidence, Methods, and Technical Truth registers and records under Board and Committee oversight.

17.21.9(b) Registers may include evidence registers, method registers, ontology registers, controlled vocabulary registers, benchmark registers, dataset registers, model registers, system card registers, model card registers, benchmark card registers, inference registers, Truth Engine registers, Observatory registers, technical baseline registers, source-lineage registers, challenge registers, and correction registers.

17.21.9(c) Records shall identify owner, custodian, authority source, purpose, scope, source lineage, classification, handling class, access class, public-safe status, confidence, uncertainty, limitations, dependencies, version, review status, permitted use, prohibited use, downstream interfaces, and correction path.

17.21.9(d) Registers shall be reviewed periodically for completeness, accuracy, currency, stale entries, unresolved challenges, unclosed corrections, supersession needs, and public-safe implications.

17.21.9(e) The controlling rule shall be that technical truth requires registers because memory, reputation, and informal consensus are not evidence governance.

***

17.21.10 Evidence, Methods, and Technical Truth Committee Records.\
17.21.10(a) GCRI Canada shall maintain Evidence, Methods, and Technical Truth Committee records.

17.21.10(b) Records shall include Committee charter, membership, meetings, agendas, materials reviewed, evidence reviews, method reviews, technical baseline reviews, ontology reviews, controlled vocabulary reviews, observability reviews, Truth Engine reviews, dissent notes, recommendations, decisions within delegated authority, conflicts, recusals, corrective actions, assurance findings, and Board reports.

17.21.10(c) Records shall identify confidentiality, classification, public-safe status, data sensitivity, protected knowledge status, Public Authority sensitivity, finance sensitivity, cybersecurity sensitivity, access limits, owner, custodian, review cycle, and correction path.

17.21.10(d) Sensitive technical, data, Public Authority, cyber, infrastructure, finance, community-protected, or protected knowledge materials shall be handled through controlled annexes, restricted records, clean rooms, data rooms, or other secure methods where required.

17.21.10(e) The controlling rule shall be that the Committee’s own work must be evidence-grade, records-valid, and correctionable.

***

### 17.22 Research Integrity, Ethics, and Publication Committee

17.22.1 Research Integrity, Ethics, and Publication Committee Purpose.\
17.22.1(a) The Research Integrity, Ethics, and Publication Committee, where established, shall support the Board in oversight of research integrity, research ethics, publication discipline, peer review, expert review, reproducibility, public-safe publication, claims substantiation, dashboards, maps, datasets, whitepapers, technical notes, controlled annexes, media statements, correction, withdrawal, retraction, and publication assurance.

17.22.1(b) The Committee shall ensure that GCRI Canada’s research and publication activities remain lawful, ethical, public-benefit-aligned, non-executing, evidence-based, method-supported, limitation-aware, public-safe, controlled-vocabulary-compliant, and correctionable.

17.22.1(c) The Committee shall not function as a university research ethics board unless lawfully constituted for that purpose, shall not replace competent external ethics review where required, and shall not convert publications into recognition, finance-readiness, certification, Public Authority guidance, procurement approval, provider preference, sponsor validation, public warning, emergency command, or execution authority.

17.22.1(d) The Committee shall support the Board by reviewing risk, recommending publication conditions, monitoring integrity controls, responding to publication incidents, and escalating high-risk matters.

17.22.1(e) The controlling rule shall be that research and publication must advance public-good truth without creating unsafe reliance or unauthorized authority.

***

17.22.2 Research Agenda, Research Protocols, Research Ethics, Human-Subjects Review, Community Review, Peer Review, Reproducibility, and Publication Integrity.\
17.22.2(a) The Committee shall support review of GCRI Canada’s research agenda, research protocols, research ethics, human-subjects review where applicable, community review, Indigenous and protected knowledge review, peer review, expert review, reproducibility, replication, and publication integrity.

17.22.2(b) Research protocols shall identify purpose, research question, lawful basis, ethics requirements, data sources, data classes, participant protections, community safeguards, protected knowledge controls, AI use, methods, peer or expert review needs, publication plan, limitations, conflicts, sponsor or provider roles, and correction path.

17.22.2(c) Human-subjects, community, Indigenous, local, territorial, cultural, environmental, health-sensitive, vulnerable-person, Public Authority, and protected knowledge research shall require heightened review where applicable.

17.22.2(d) Peer review and expert review shall be proportionate to research risk, public impact, technical complexity, public authority relevance, finance relevance, safeguards risk, publication class, and potential public reliance.

17.22.2(e) Reproducibility shall be pursued where lawful, appropriate, safe, and proportionate, without requiring disclosure of personal, Public Authority, cyber-sensitive, infrastructure-sensitive, health-sensitive, finance-sensitive, community-protected, protected knowledge, controlled technology, or confidential materials.

17.22.2(f) The controlling rule shall be that research integrity requires protocol, review, safeguards, limitation discipline, and correctionability.

***

17.22.3 Publication Authority, Public-Safe Publication, Controlled Annexes, Dashboards, Maps, Datasets, Whitepapers, Technical Notes, and Media Statements.\
17.22.3(a) The Committee shall support oversight of publication authority, public-safe publication, controlled annexes, restricted annexes, dashboards, maps, datasets, whitepapers, reports, technical notes, Academy materials, public authority learning materials, media statements, social media statements, websites, speeches, interviews, and other public communications.

17.22.3(b) Publication authority shall be records-valid and shall identify approver, publication class, evidence basis, method basis, review status, public-safe status, audience, scope, limitations, controlled vocabulary, boundary language, and correction path.

17.22.3(c) Public-safe publication shall use redaction, aggregation, generalization, non-attribution, delay, masking, public-safe summaries, controlled annexes, restricted annexes, and access controls where necessary to prevent harm.

17.22.3(d) Dashboards and maps shall be treated as evidence visualizations, not official public warnings, Public Authority decisions, finance-readiness instruments, procurement tools, provider rankings, sponsor claims, or execution instructions by default.

17.22.3(e) Dataset releases, technical notes, software release notes, API documentation, and schemas shall be reviewed for privacy, re-identification risk, protected knowledge, cybersecurity, export-control risk, IP, licensing, public-safe status, and boundary language.

17.22.3(f) The controlling rule shall be that publication authority must match publication risk.

***

17.22.4 Claims Substantiation, Controlled Vocabulary, Impact Claims, Technical Claims, and Correction.\
17.22.4(a) The Committee shall support claims substantiation, controlled vocabulary discipline, impact claims review, technical claims review, Public Authority claims review, finance-reference review, provider-reference review, sponsor-reference review, and correction.

17.22.4(b) Public claims shall require supporting records, source authority, method authority, review status, public-safe status, limitation language, conflicts disclosure where appropriate, and correction path.

17.22.4(c) Technical claims concerning performance, accuracy, reliability, resilience, coverage, security, privacy, interoperability, scalability, readiness, validation, verification, safety, or maturity shall be supported by technical evidence records, benchmark records, method records, review records, and proper scope.

17.22.4(d) Impact claims shall avoid counterfactual overclaim, causal overclaim, attribution inflation, sponsor amplification, narrative acceleration, and maturity inflation.

17.22.4(e) Controlled vocabulary shall be used for material Charter and Nexus terms and shall not be diluted by marketing language, translation, sponsor wording, provider wording, media summaries, or social media simplification.

17.22.4(f) Unsupported, misleading, inflated, unsafe, stale, or unauthorized claims shall require correction, clarification, withdrawal, retraction, public-safe notice, controlled notice, or other correction state.

17.22.4(g) The controlling rule shall be that no publication claim may exceed its source record.

***

17.22.5 Sponsor, Provider, Public Authority, University, Community, and Capital-Reader Role Disclosures.\
17.22.5(a) The Committee shall support review of sponsor, donor, funder, provider, host, Public Authority, university, laboratory, community, civil society, media, capital-reader, National Company, Project SPV, and Nexus role disclosures in research and publications.

17.22.5(b) Role disclosures shall identify support, funding, in-kind contribution, data contribution, technical contribution, review role, Public Authority participation, university role, community participation, protected knowledge involvement, capital-reader access, provider involvement, sponsor involvement, and any limitations on use.

17.22.5(c) Disclosure shall not imply endorsement, adoption, certification, recognition, finance-readiness, procurement approval, Public Authority approval, sponsor validation, provider preference, public warning, emergency command, public-private partnership, public adoption, or execution authority.

17.22.5(d) Sponsor and provider disclosures shall preserve independence and shall not permit outcome purchase, publication suppression, method capture, data selection capture, reviewer selection capture, or correction suppression.

17.22.5(e) Public Authority disclosures shall preserve capacity classification, non-endorsement, reference approval, data limits, and public-safe status.

17.22.5(f) The controlling rule shall be that role disclosure must make influence visible without creating false authority.

***

17.22.6 AI-Assisted Research and Publication Controls.\
17.22.6(a) The Committee shall support oversight of AI-assisted research and publication controls.

17.22.6(b) AI assistance in research, writing, summarization, translation, coding, analysis, visualization, review, retrieval, classification, and evidence synthesis shall be treated as governed tool use, not research authority.

17.22.6(c) Material AI use shall require disclosure where appropriate, model register entry, inference records for material outputs, source verification, human review, hallucination control, false citation control, bias review, data leakage review, public-safe review, and correction path.

17.22.6(d) Sensitive, confidential, personal, Public Authority, health-sensitive, cyber-sensitive, infrastructure-sensitive, finance-sensitive, community-protected, protected knowledge, controlled technology, or restricted materials shall not be entered into unauthorized AI systems.

17.22.6(e) AI outputs shall not be treated as evidence conclusions, citations, authority, public warnings, Public Authority decisions, finance-readiness, certification, recognition, protocol effect, provider preference, sponsor validation, or execution instructions by default.

17.22.6(f) The controlling rule shall be that AI may assist publication, but human accountability and records remain mandatory.

***

17.22.7 Publication Incidents, Retractions, Withdrawals, and Public-Safe Notices.\
17.22.7(a) The Committee shall support oversight of publication incidents, correction, clarification, errata, reclassification, downgrade, suspension, supersession, withdrawal, retraction, archive, sealing, public-safe notices, and controlled notices.

17.22.7(b) Publication incidents include unsupported claims, false citations, AI hallucinations, method errors, source errors, public authority misdescription, finance overclaim, recognition overclaim, certification overclaim, protocol overclaim, provider preference, sponsor control, privacy breach, protected knowledge exposure, public-safe mapping error, media misquotation, or public harm.

17.22.7(c) Incident response shall include intake, triage, severity classification, hold or quarantine, owner and custodian assignment, review, boundary review, public-safe review, correction-state decision, approval, notice, implementation, downstream dependency review, closure, archive, and lessons learned.

17.22.7(d) Retractions and withdrawals shall be issued where materials are materially inaccurate, misleading, unauthorized, unsafe, unsupported, overbroad, or harmful and cannot be adequately corrected by lesser means.

17.22.7(e) Public-safe notices shall explain correction sufficiently to prevent misunderstanding without exposing sensitive, personal, Public Authority, cyber-sensitive, infrastructure-sensitive, finance-sensitive, community-protected, or protected knowledge materials.

17.22.7(f) The controlling rule shall be that publication failure must be corrected in the channel where reliance may arise.

***

17.22.8 Public Communications Assurance.\
17.22.8(a) The Committee shall support Public Communications Assurance for GCRI Canada publications, websites, media statements, social media, speeches, interviews, public reports, dashboards, maps, datasets, technical releases, sponsor acknowledgments, provider references, Public Authority references, and Nexus references.

17.22.8(b) Assurance shall test whether public communications are authorized, accurate, evidence-supported, method-supported, controlled-vocabulary-compliant, public-safe, non-overclaiming, limitation-aware, boundary-compliant, accessible where appropriate, and correctionable.

17.22.8(c) Assurance shall identify stale materials, unsupported claims, ambiguous authority, Public Authority overclaim, finance overclaim, recognition overclaim, certification overclaim, provider preference, sponsor influence, unsafe maps, data exposure, AI failures, media misdescriptions, and missing correction paths.

17.22.8(d) Corrective actions may include updated language, public-safe notice, controlled notice, website correction, social media correction, media correction, publication correction, withdrawal, retraction, access restriction, training, or Board escalation.

17.22.8(e) The controlling rule shall be that public communication must be periodically tested because public meaning drifts after publication.

***

17.22.9 Research and Publication Registers.\
17.22.9(a) GCRI Canada shall maintain Research and Publication registers under Board and Committee oversight.

17.22.9(b) Registers may include research protocol registers, ethics review registers, peer review registers, expert review registers, reproducibility registers, research output registers, publication registers, dashboard registers, map registers, dataset release registers, technical note registers, whitepaper registers, media statement registers, public claims registers, disclaimer registers, AI-assisted publication registers, correction registers, withdrawal registers, retraction registers, and archive registers.

17.22.9(c) Registers shall identify owner, custodian, authority, publication class, evidence basis, method basis, review status, conflicts, sponsor or provider role, Public Authority references, data classes, AI use, public-safe status, limitations, boundary language, version, effective date, correction path, and downstream dependencies.

17.22.9(d) Registers shall be reviewed for completeness, stale materials, missing approvals, unresolved corrections, public-safe risk, boundary gaps, and assurance findings.

17.22.9(e) The controlling rule shall be that research and publication governance must be register-valid because public reliance attaches to published materials.

***

17.22.10 Research Integrity, Ethics, and Publication Committee Records.\
17.22.10(a) GCRI Canada shall maintain Research Integrity, Ethics, and Publication Committee records.

17.22.10(b) Records shall include Committee charter, membership, meetings, agendas, research protocol reviews, ethics reviews, community reviews, peer reviews, expert reviews, publication approvals, controlled annex reviews, public-safe publication reviews, claims reviews, AI-use reviews, incident reviews, correction decisions, dissent notes, recommendations, assurance findings, and Board reports.

17.22.10(c) Records shall identify confidentiality, legal privilege where applicable, classification, public-safe status, personal information status, Public Authority Data status, protected knowledge status, cyber-sensitive status, infrastructure-sensitive status, finance-sensitive status, owner, custodian, access limits, review cycle, and correction path.

17.22.10(d) Sensitive research, personal, health-sensitive, Public Authority, community-protected, protected knowledge, legal, cyber-sensitive, or finance-sensitive materials shall be handled with appropriate access restrictions and controlled annexes.

17.22.10(e) The controlling rule shall be that research and publication oversight must itself be ethical, records-valid, and correctionable.

***

### 17.23 Data, AI, Cybersecurity, and Technology Governance Committee

17.23.1 Data, AI, Cybersecurity, and Technology Governance Committee Purpose.\
17.23.1(a) The Data, AI, Cybersecurity, and Technology Governance Committee, where established, shall support the Board in oversight of privacy, data rights, rights-bearing data, sovereign data zones, compute-to-data, cross-border transfers, data localization, AI governance, cybersecurity, secure collaboration, controlled rooms, clean rooms, repository security, secure release, incident response, breach handling, public-good software, Open Technical Baselines, IP, licensing, anti-enclosure, third-party risk, and technical asset maintenance.

17.23.1(b) The Committee shall help ensure that GCRI Canada’s data, AI, cybersecurity, and technology systems remain lawful, secure, purpose-bound, public-benefit-aligned, non-executing, public-safe, anti-capture, anti-enclosure, and correctionable.

17.23.1(c) The Committee shall not operate technical systems as an execution actor, Public Authority, emergency command center, market infrastructure operator, certification body, finance actor, or provider-selection body.

17.23.1(d) The Committee shall review, monitor, recommend, assure, and escalate data, AI, cybersecurity, and technology governance matters within its Board-approved charter.

17.23.1(e) The controlling rule shall be that technical governance must protect rights, systems, public-good assets, and institutional trust.

***

17.23.2 Privacy, Data Rights, Rights-Bearing Data, Sovereign Data Zones, Compute-to-Data, Cross-Border Transfers, and Data Localization.\
17.23.2(a) The Committee shall support oversight of privacy, data rights, rights-bearing data, sovereign data zones, compute-to-data, cross-border transfers, data localization, data minimization, purpose limitation, lawful basis, access rights, correction rights, deletion rights, restriction rights, complaints, grievances, remedies, and retention.

17.23.2(b) Rights-bearing data shall include data that may affect human rights, dignity, privacy, safety, access, inclusion, exclusion, reputation, Public Authority treatment, community interests, cultural integrity, protected knowledge, or public trust.

17.23.2(c) Sovereign data zones shall be reviewed as governance instruments for jurisdictional respect, localization, access controls, logging, auditability, segregation, compute-to-data, conflict-of-law control, and lawful processing.

17.23.2(d) Cross-border transfer shall be treated as an exception requiring legal, privacy, cybersecurity, classification, safeguards, Public Authority, protected knowledge, conflict-of-law, and public-safe review where applicable.

17.23.2(e) Data localization and compute-to-data requirements shall be determined by law, agreements, Public Authority terms, community safeguards, protected knowledge controls, sovereign expectations, and institutional trust.

17.23.2(f) The controlling rule shall be that data governance must preserve rights, sovereignty, locality, and correctionability.

***

17.23.3 Model Governance, Model Register, Inference Records, Agentic AI, AI Incidents, AI Data Use, and Human Review.\
17.23.3(a) The Committee shall support oversight of model governance, model registers, inference records, agentic AI, AI data use, AI incidents, retrieval, embeddings, prompt controls, model evaluation, human review, and AI output correction.

17.23.3(b) Material AI use shall require authority, purpose, model register entry, data classification, retrieval-source review, AI-use limits, human review where required, inference records for material outputs, public-safe review where external reliance is possible, and correction path.

17.23.3(c) Unauthorized training, fine-tuning, embedding, retrieval indexing, model improvement, prompt upload, or AI processing of restricted, confidential, personal, rights-bearing, Public Authority, health-sensitive, cyber-sensitive, infrastructure-sensitive, finance-sensitive, community-protected, protected knowledge, or controlled technology materials shall be prohibited.

17.23.3(d) Agentic AI shall not execute institutional, public authority, financial, procurement, emergency, legal, publication, access, technical-release, data-transfer, or governance actions without recorded authority, human accountability, access controls, logs, and review gates proportionate to risk.

17.23.3(e) AI incidents shall include hallucination, false citation, data leakage, unauthorized training, unauthorized embedding, unauthorized retrieval, harmful output, bias, drift, overclaim, unsafe publication, or unauthorized action.

17.23.3(f) The controlling rule shall be that AI may support evidence and methods but shall not replace authority, records, review, or human accountability.

***

17.23.4 Cybersecurity, Secure Collaboration, Controlled Rooms, Clean Rooms, Repository Security, Secure Release, Incident Response, and Breach Handling.\
17.23.4(a) The Committee shall support oversight of cybersecurity, secure collaboration, controlled rooms, clean rooms, data rooms, evidence rooms, Public Authority rooms, capital-reader rooms, no-download rooms, repository security, secure development, software supply-chain security, secure release, incident response, and breach handling.

17.23.4(b) Cybersecurity oversight shall include system classification, asset registers, identity and access controls, privileged access, MFA where required, key management, token management, secrets management, secure collaboration systems, logging, monitoring, vulnerability management, patching, backup, disaster recovery, third-party security, and incident readiness.

17.23.4(c) Controlled rooms and clean rooms shall be governed by purpose, classification, participant eligibility, role classification, access terms, confidentiality, AI-use restrictions, data minimization, output review, copy controls, download controls, logging, public claims limits, and closeout.

17.23.4(d) Repository security shall include branch protection, review requirements, maintainer roles, merge authority, release authority, commit signing, tag signing, release signing, hashing, provenance, secrets scanning, dependency scanning, SBOM, and incident response.

17.23.4(e) Breach handling shall include identification, preservation, affected-data determination, harm assessment, notification where required or appropriate, public-safe communication, remediation, access revocation, deletion, sealing, correction, withdrawal, retraction, lessons learned, and Board reporting where material.

17.23.4(f) The controlling rule shall be that cybersecurity is institutional governance, not technical housekeeping.

***

17.23.5 Public-Good Software, Open Technical Baselines, Reference Architectures, IP, Licensing, Anti-Enclosure, and Technical Asset Maintenance.\
17.23.5(a) The Committee shall support oversight of public-good software, Open Technical Baselines, reference architectures, repositories, schemas, APIs, data contracts, technical documentation, IP, licensing, open-source obligations, contributor terms, moral rights treatment where applicable, anti-enclosure, secure release, and maintenance.

17.23.5(b) Public-good software and technical baselines shall be governed as mission assets whose integrity depends on versioning, security, documentation, maintainer accountability, license clarity, public-safe release, dependency review, SBOM, vulnerability management, correction, and continuity.

17.23.5(c) IP and licensing review shall protect public-good reuse, license compatibility, attribution accuracy, contributor authority, third-party rights, export-control constraints, protected knowledge controls, public-safe status, and anti-enclosure.

17.23.5(d) Anti-enclosure review shall prevent sponsors, providers, vendors, contributors, maintainers, National Companies, Project SPVs, or private actors from obtaining hidden control, proprietary gatekeeping, exclusive constitutional leverage, vendor lock-in, or market allocation through public-good assets.

17.23.5(e) Technical asset maintenance shall address owner, custodian, maintainer, version, support status, known issues, dependency updates, vulnerability handling, retirement, archive, migration, and continuity.

17.23.5(f) The controlling rule shall be that technical assets must remain public-good, secure, maintainable, and not privately enclosed.

***

17.23.6 Third-Party, Vendor, Provider, Cloud, AI Provider, Repository Provider, and Subprocessor Risk.\
17.23.6(a) The Committee shall support oversight of third-party, vendor, provider, cloud, AI provider, repository provider, cybersecurity provider, software provider, data provider, compute provider, and subprocessor risk.

17.23.6(b) Third-party review shall assess security, privacy, confidentiality, data residency, data transfer, AI-use terms, model-training restrictions, product-improvement restrictions, deletion, breach notice, audit rights, access controls, subprocessor limits, IP, licensing, continuity, availability, interoperability, export controls, sanctions, and exit rights.

17.23.6(c) No third party shall use GCRI Canada data, prompts, embeddings, outputs, repositories, materials, technical assets, public authority data, community-protected data, or protected knowledge for model training, product improvement, marketing, resale, benchmarking, secondary use, or unrelated analytics without recorded authority and lawful basis.

17.23.6(d) Third-party dependency shall be reviewed for vendor lock-in, platform dependency, data lock-in, technical dependency, sponsor capture, provider capture, inability to delete, inability to migrate, inability to audit, inability to correct, and business continuity risk.

17.23.6(e) The controlling rule shall be that GCRI Canada may use third parties but shall not outsource its governance duties.

***

17.23.7 Public-Safe Data and Technical Release Review.\
17.23.7(a) The Committee shall support public-safe data and technical release review before external release or controlled distribution of datasets, dashboards, maps, APIs, schemas, software, technical baselines, models, documentation, release notes, public-good software, or technical reference systems.

17.23.7(b) Review shall assess data classes, re-identification risk, mosaic effect, group harm, community harm, Public Authority Data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, finance-sensitive data, protected knowledge, IP, licensing, export-control risk, sanctions risk, controlled technology, cybersecurity, SBOM, dependency risk, and public-safe status.

17.23.7(c) Release materials shall include version, scope, dependencies, known issues, security status, license, maintainer, limitations, boundary language, correction path, withdrawal path, and archive path.

17.23.7(d) Technical releases shall not imply certification, warranty, provider preference, Public Authority approval, procurement approval, finance-readiness, protocol effect, or execution authority by default.

17.23.7(e) The controlling rule shall be that technical release is a governance act where public reliance, safety, security, or public-good assets may be affected.

***

17.23.8 Data / AI / Cyber Assurance and Corrective Actions.\
17.23.8(a) The Committee shall support Data / AI / Cyber Assurance and related corrective actions.

17.23.8(b) Assurance shall review data inventories, processing registers, data-sharing registers, Public Authority Data records, sovereign data zone records, cross-border transfer records, AI-use records, model registers, inference records, cybersecurity registers, access registers, repository records, incident records, breach records, third-party records, and technical release records.

17.23.8(c) Assurance shall identify unauthorized access, overbroad access, stale access, missing lawful basis, data overcollection, unauthorized AI use, missing model register entries, missing inference records, weak cybersecurity controls, secrets exposure, repository weakness, insecure release, breach-handling gaps, third-party risk, and correction failures.

17.23.8(d) Corrective actions may include access revocation, data deletion, sealing, reclassification, model restriction, embedding deletion where feasible, retrieval restriction, repository freeze, key rotation, credential revocation, patching, public-safe notice, controlled notice, incident response, training, or Board escalation.

17.23.8(e) The controlling rule shall be that assurance must result in corrected systems, corrected records, and reduced risk.

***

17.23.9 Data, AI, Cybersecurity, Technology Asset, Incident, and Breach Registers.\
17.23.9(a) GCRI Canada shall maintain Data, AI, Cybersecurity, Technology Asset, Incident, and Breach registers under Board and Committee oversight.

17.23.9(b) Registers may include data inventories, processing registers, data source registers, data-sharing registers, public authority data registers, sovereign data zone registers, cross-border transfer registers, data access registers, AI-use registers, model registers, inference registers, embedding registers where applicable, retrieval registers where applicable, system registers, asset registers, identity and access registers, privileged access registers, key and secret registers, repository registers, SBOM registers, vulnerability registers, patch registers, secure release registers, third-party registers, incident registers, breach registers, and continuity registers.

17.23.9(c) Registers shall identify owner, custodian, authority, purpose, classification, access class, handling class, data class, AI-use status, public-safe status, cybersecurity controls, transfer limits, retention, deletion, third-party involvement, dependencies, incident status, breach status, correction path, and closeout.

17.23.9(d) Registers shall be reviewed periodically for completeness, stale entries, access drift, missing correction, unresolved incidents, third-party exposure, and assurance findings.

17.23.9(e) The controlling rule shall be that data, AI, cybersecurity, and technical asset governance requires registers because risk cannot be governed when invisible.

***

17.23.10 Data, AI, Cybersecurity, and Technology Governance Committee Records.\
17.23.10(a) GCRI Canada shall maintain Data, AI, Cybersecurity, and Technology Governance Committee records.

17.23.10(b) Records shall include Committee charter, membership, meetings, agendas, materials reviewed, data reviews, AI reviews, model governance reviews, cybersecurity reviews, repository reviews, controlled room reviews, clean room reviews, third-party reviews, secure release reviews, incident reviews, breach reviews, assurance findings, corrective actions, dissent notes, recommendations, and Board reports.

17.23.10(c) Records shall identify confidentiality, classification, legal privilege where applicable, public-safe status, data sensitivity, AI sensitivity, cybersecurity sensitivity, Public Authority sensitivity, protected knowledge status, finance sensitivity, owner, custodian, access limits, review cycle, and correction path.

17.23.10(d) Sensitive records shall be handled through restricted access, controlled annexes, legal files, incident rooms, cybersecurity repositories, clean rooms, or other secure means where required.

17.23.10(e) The controlling rule shall be that technology governance must be recorded securely because the records themselves may be sensitive assets.

***

### 17.24 Public Authority, Safeguards, and Community Committee

17.24.1 Public Authority, Safeguards, and Community Committee Purpose.\
17.24.1(a) The Public Authority, Safeguards, and Community Committee, where established, shall support the Board in oversight of Public Authority learning, capacity classification, non-endorsement, public warning boundary, emergency command boundary, regulatory boundary, procurement boundary, funding boundary, public finance boundary, community safeguards, protected knowledge, public-safe mapping, grievances, remedies, accessibility, do-no-harm, and public trust.

17.24.1(b) The Committee shall help ensure that GCRI Canada’s engagement with Public Authorities, Indigenous governments, communities, local actors, civil society, media, sponsors, providers, universities, protected knowledge holders, and public-interest participants remains lawful, respectful, public-safe, non-extractive, non-executing, non-delegating, non-endorsing, and correctionable.

17.24.1(c) The Committee shall not become a Public Authority, regulator, procurement body, public finance actor, emergency command actor, public warning authority, community representative by default, Indigenous governance substitute, or public consent-granting body.

17.24.1(d) The Committee shall review, recommend, monitor, assure, and escalate public authority and safeguard matters within its Board-approved charter.

17.24.1(e) The controlling rule shall be that public trust depends on preserving authority boundaries while protecting communities, knowledge, and public-safe meaning.

***

17.24.2 Public Authority Learning, Capacity Classification, Non-Endorsement, Public Warning Boundary, Emergency Command Boundary, Regulatory Boundary, Procurement Boundary, Funding Boundary, and Public Finance Boundary.\
17.24.2(a) The Committee shall support oversight of Public Authority learning, capacity classification, non-endorsement, public warning boundary, emergency command boundary, regulatory boundary, procurement boundary, funding boundary, public finance boundary, and Public Authority reference discipline.

17.24.2(b) Public Authority learning shall support evidence literacy, technical literacy, AI literacy, cyber literacy, data governance literacy, observability interpretation, public-safe claims literacy, scenario learning, simulation learning, tabletop learning, and after-action learning.

17.24.2(c) Public Authority participation shall be capacity-classified before public reference, including official capacity, observer status, regulator-listening status, public finance reader status, emergency-management participation, public health participation, public infrastructure participation, Indigenous government participation, personal capacity, non-attributable participation, data-provider status, or other applicable capacity.

17.24.2(d) Public Authority participation shall not imply endorsement, adoption, regulation, procurement approval, funding approval, public finance approval, public warning, emergency command, public-private partnership, public adoption, safe harbor, compliance determination, or sovereign obligation.

17.24.2(e) Public warning-like, emergency-like, regulatory-like, procurement-sensitive, funding-sensitive, or public-finance-sensitive materials shall require heightened review, boundary language, legal review where appropriate, and correction path.

17.24.2(f) The controlling rule shall be that Public Authority engagement must improve learning without transferring public authority.

***

17.24.3 Indigenous, Community, Local, Territorial, Cultural, Environmental, and Protected Knowledge Safeguards.\
17.24.3(a) The Committee shall support oversight of Indigenous, community, local, territorial, cultural, environmental, and Protected Knowledge safeguards.

17.24.3(b) Protected knowledge shall not be treated as ordinary data, public-domain content, open data, AI training material, unrestricted evidence, repository content, dashboard content, map content, publication material, or institutional property by default.

17.24.3(c) Safeguards shall address consent or non-consent where applicable, authority, purpose limitation, attribution, non-attribution, withdrawal, review, grievance, remedy, public-safe mapping, AI-use limits, data handling, access controls, publication limits, sponsor limits, provider limits, Public Authority use limits, and correction paths.

17.24.3(d) GCRI Canada shall not extract, map, model, publish, train on, embed, retrieve, commercialize, display, transfer, or reuse protected knowledge beyond recorded authority, community safeguards, legal requirements, public-safe review, and correction obligations.

17.24.3(e) Where protocol is uncertain, contested, oral, plural, evolving, or not fully formalized, the Committee shall recommend caution, narrowing, restriction, delay, community review, protected handling, or refusal.

17.24.3(f) The controlling rule shall be that protected knowledge participation begins from respect and restraint, not default use.

***

17.24.4 Community Participation, Consent / Non-Consent, Grievance, Remedy, Non-Retaliation, Accessibility, and Do-No-Harm.\
17.24.4(a) The Committee shall support oversight of community participation, consent or non-consent, grievance, remedy, non-retaliation, accessibility, protected participation, and do-no-harm.

17.24.4(b) Community participation shall be treated as protected participation, not extraction, social-license manufacturing, public relations, sponsor validation, provider validation, or public authority endorsement by proxy.

17.24.4(c) Consent or non-consent processes, where applicable, shall be recorded, purpose-bound, understandable, accessible, revocable or limited as stated, and linked to data, AI, publication, mapping, dashboard, repository, Public Authority, sponsor, provider, and correction records.

17.24.4(d) Grievance and remedy pathways shall permit good-faith concerns, dissent, correction requests, safeguards objections, data concerns, AI concerns, public authority concerns, protected knowledge concerns, publication concerns, and public claims concerns without retaliation.

17.24.4(e) Accessibility shall support meaningful participation and public-safe understanding without diluting operative legal meaning or creating misleading simplification.

17.24.4(f) The controlling rule shall be that community participation must be safe enough to challenge the institution.

***

17.24.5 Public-Safe Mapping and Sensitive Location Review.\
17.24.5(a) The Committee shall support oversight of public-safe mapping and sensitive location review.

17.24.5(b) Mapping and geospatial outputs involving communities, Indigenous knowledge, Local knowledge, Territorial knowledge, Cultural knowledge, Environmental knowledge, Protected Knowledge, infrastructure, hazards, public authority data, vulnerable communities, protected persons, or sensitive sites shall require public-safe mapping review.

17.24.5(c) Review shall assess resolution, precision, timing, location sensitivity, sacred sites, cultural sites, protected species, sensitive habitats, infrastructure-sensitive locations, vulnerable communities, protected persons, re-identification risk, targeting risk, stigma risk, surveillance risk, extraction risk, media misuse, sponsor misuse, provider misuse, and Public Authority implications.

17.24.5(d) Controls may include masking, aggregation, generalization, resolution reduction, delayed release, layer suppression, non-attribution, removal of coordinates, controlled annexes, controlled room access, no-download restrictions, or non-publication.

17.24.5(e) Maps shall not become official public warnings, Public Authority decisions, public hazard notices, procurement tools, finance signals, provider rankings, or execution instructions by default.

17.24.5(f) The controlling rule shall be that maps must protect the people, places, systems, and knowledge they represent.

***

17.24.6 Public Authority References, Public Authority Data, Public Authority Rooms, and Public Authority Communications.\
17.24.6(a) The Committee shall support oversight of Public Authority references, Public Authority Data, Public Authority rooms, public authority learning materials, and Public Authority communications.

17.24.6(b) Public Authority names, logos, titles, agency names, jurisdictions, quotes, photos, attendance, data contributions, and room participation shall require approval and capacity classification where risk exists.

17.24.6(c) Public Authority Data shall be governed by authority, capacity, scope, permitted use, disclosure limits, AI-use limits, retention, transfer, publication, security, public-safe release, and correction terms.

17.24.6(d) Public Authority rooms shall define entry criteria, role classification, access limits, confidentiality, data handling, AI-use restrictions, sponsor and provider co-presence rules, public claims limits, materials index, logs, outputs, and closeout.

17.24.6(e) Public Authority communications shall not imply endorsement, adoption, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public-private partnership, public adoption, or sovereign obligation unless competent Public Authority records create that meaning outside GCRI Canada.

17.24.6(f) The controlling rule shall be that Public Authority references and data require precision because they carry sovereign meaning.

***

17.24.7 Sponsor and Provider Access to Public Authority Interfaces.\
17.24.7(a) The Committee shall support oversight of sponsor and provider access to Public Authority interfaces.

17.24.7(b) Sponsor or provider access to Public Authority rooms, public authority learning sessions, dashboards, maps, technical demonstrations, scenario exercises, controlled rooms, Nexus Universe activities, or public authority-facing materials shall be reviewed for public authority access purchase, procurement sensitivity, provider preference, sponsor control, competition risk, finance signaling, public claims risk, and public trust risk.

17.24.7(c) Sponsors and providers shall not use Public Authority co-presence, attendance, listening status, dashboard access, map access, data contribution, or participation to claim endorsement, adoption, procurement advantage, regulatory approval, funding approval, public finance approval, finance-readiness, certification, recognition, or Nexus-compatible status.

17.24.7(d) Where sponsor or provider presence risks Public Authority confusion, the Committee may recommend separation, role classification, do-not-discuss rules, attendance limits, no-public-reference rules, no-logo rules, public claims pre-review, or denial of access.

17.24.7(e) The controlling rule shall be that Public Authority interfaces must not become sponsor or provider advantage channels.

***

17.24.8 Safeguards Incidents, Public Authority Misdescription, Community Harm, and Corrective Actions.\
17.24.8(a) The Committee shall support oversight of safeguards incidents, Public Authority misdescription, community harm, protected knowledge incidents, public-safe mapping incidents, public authority data incidents, media misdescription, sponsor or provider misuse, and corrective actions.

17.24.8(b) Safeguards incidents include unauthorized protected knowledge use, unsafe mapping, unwanted attribution, community misdescription, consent breach, non-consent breach, grievance mishandling, retaliation, protected person exposure, vulnerable community exposure, Public Authority data misuse, or public-safe publication failure.

17.24.8(c) Public Authority misdescription includes overstatement of attendance, endorsement, adoption, approval, procurement, funding, regulation, public finance, public warning, emergency command, official guidance, or sovereign obligation.

17.24.8(d) Corrective actions may include immediate hold, access restriction, public-safe correction notice, controlled correction notice, withdrawal, retraction, map restriction, dashboard correction, dataset withdrawal, AI remediation where feasible, Public Authority clarification, community remedy, apology where appropriate, safeguards redesign, or Board escalation.

17.24.8(e) The controlling rule shall be that harm, misdescription, and safeguard failure require repair, not reputational management alone.

***

17.24.9 Public Authority, Safeguards, Community, and Protected Knowledge Registers.\
17.24.9(a) GCRI Canada shall maintain Public Authority, Safeguards, Community, and Protected Knowledge registers under Board and Committee oversight.

17.24.9(b) Registers may include Public Authority participation registers, capacity classification registers, Public Authority reference approval registers, Public Authority Data registers, Public Authority room registers, community participation registers, protected knowledge registers, consent / non-consent registers where applicable, grievance registers, remedy registers, non-retaliation registers, public-safe mapping registers, accessibility records, safeguards incident registers, and correction registers.

17.24.9(c) Registers shall identify owner, custodian, authority, capacity, purpose, scope, classification, access class, handling class, public-safe status, affected persons or communities where appropriate, consent or non-consent conditions where applicable, Public Authority status, knowledge class, AI-use limits, map-use limits, publication limits, sponsor or provider limits, limitations, correction path, and closeout.

17.24.9(d) Protected knowledge registers shall not expose protected knowledge through the act of registration and shall be classified, restricted, sealed, or public-safe summarized where required.

17.24.9(e) The controlling rule shall be that safeguards must be recorded without turning protected people or knowledge into exposed records.

***

17.24.10 Public Authority, Safeguards, and Community Committee Records.\
17.24.10(a) GCRI Canada shall maintain Public Authority, Safeguards, and Community Committee records.

17.24.10(b) Records shall include Committee charter, membership, meetings, agendas, materials reviewed, Public Authority capacity reviews, reference approvals, public authority learning reviews, safeguards reviews, protected knowledge reviews, public-safe mapping reviews, community participation reviews, grievance reviews, remedy reviews, incident reviews, corrective actions, dissent notes, recommendations, assurance findings, and Board reports.

17.24.10(c) Records shall identify confidentiality, classification, legal privilege where applicable, public-safe status, Public Authority sensitivity, community sensitivity, protected knowledge status, personal information status, infrastructure sensitivity, cybersecurity sensitivity, finance sensitivity, access limits, owner, custodian, review cycle, and correction path.

17.24.10(d) Sensitive records shall be handled through restricted access, controlled annexes, legal files, protected knowledge registers, data rooms, clean rooms, or other secure means where required.

17.24.10(e) The controlling rule shall be that public authority and safeguards oversight must be protective in both substance and recordkeeping.

***

### 17.25 Risk, Assurance, and Correction Committee

17.25.1 Risk, Assurance, and Correction Committee Purpose.\
17.25.1(a) The Risk, Assurance, and Correction Committee, where established, shall support the Board in oversight of institutional risk, assurance, controls, correctionability, validity-by-record, supersession, withdrawal, retraction, downgrade, suspension, reinstatement, incident oversight, lessons learned, corrective action tracking, and high-risk escalation.

17.25.1(b) The Committee shall help ensure that GCRI Canada’s governance, records, evidence, methods, research, publications, data, AI, cybersecurity, public authority interfaces, finance boundaries, sponsor relationships, provider relationships, community safeguards, protected knowledge, technical assets, and Nexus interfaces remain auditable, correctionable, and aligned with mission lock.

17.25.1(c) The Committee shall not replace the Board on Board-reserved matters, shall not function as a regulator, auditor of external parties by default, certification body, finance authority, Public Authority, or execution actor, and shall act only within its Board-approved charter and delegation.

17.25.1(d) The Committee shall promote a correction culture in which error identification, supersession, withdrawal, retraction, downgrade, and clarification are treated as governance strengths where required.

17.25.1(e) The controlling rule shall be that risk oversight must lead to assurance, correction, learning, and Board visibility.

***

17.25.2 Institutional Risk Register, Issue Register, Control Register, Assurance Plan, Impact Review, and Renewal Actions.\
17.25.2(a) The Committee shall support oversight of the Institutional Risk Register, Issue Register, Control Register, Assurance Plan, impact review processes, renewal actions, corrective action plans, and related Board reporting.

17.25.2(b) The Institutional Risk Register shall identify material risks, owners, custodians, affected areas, likelihood, impact, controls, residual risk, review dates, escalation thresholds, correction paths, and Board reporting requirements.

17.25.2(c) The Issue Register shall track active issues, incidents, unresolved findings, assurance findings, audit findings, complaints, grievances, correction requests, open risks, unresolved decisions, and unclosed actions.

17.25.2(d) The Control Register shall identify key controls, control owners, control frequency, control evidence, testing status, exceptions, failures, corrective actions, and renewal dates.

17.25.2(e) The Assurance Plan shall identify periodic assurance activities, review cycles, responsible reviewers, Board or committee reporting, public-safe reporting where appropriate, and renewal actions.

17.25.2(f) The controlling rule shall be that institutional risk must be visible, assigned, tested, and renewed.

***

17.25.3 Non-Execution Risk, Public Authority Risk, Finance-Boundary Risk, Data / AI / Cyber Risk, Research Risk, Publication Risk, Technical Asset Risk, Sponsor / Provider Risk, Safeguards Risk, and Public Trust Risk.\
17.25.3(a) The Committee shall support oversight of non-execution risk, Public Authority risk, finance-boundary risk, data / AI / cyber risk, research risk, publication risk, technical asset risk, sponsor / provider risk, safeguards risk, protected knowledge risk, Nexus-interface risk, and public trust risk.

17.25.3(b) Non-execution risk includes drift into regulation, procurement, public finance approval, public warning, emergency command, certification, finance execution, market operation, infrastructure operation, National Company control, Project SPV control, or execution.

17.25.3(c) Public Authority risk includes capacity confusion, endorsement implication, public adoption overclaim, regulatory overclaim, procurement overclaim, funding overclaim, public finance overclaim, public warning confusion, emergency command confusion, and Public Authority Data misuse.

17.25.3(d) Finance-boundary risk includes investment advice implication, solicitation implication, brokerage implication, underwriting implication, lending implication, insurance implication, rating implication, guarantee implication, capital commitment implication, GRA role substitution, capital-reader misuse, and Project SPV finance overclaim.

17.25.3(e) Data / AI / cyber risk includes unlawful processing, overcollection, unauthorized AI use, data leakage, unauthorized training, embedding leakage, retrieval leakage, cybersecurity weakness, breach, repository compromise, supply-chain compromise, and third-party risk.

17.25.3(f) Research, publication, technical asset, sponsor / provider, safeguards, and public trust risks include unsupported claims, method errors, sponsor influence, provider preference, protected knowledge exposure, public-safe mapping failures, technical asset enclosure, media overclaim, and correction failure.

17.25.3(g) The controlling rule shall be that risk categories must reflect the ways GCRI Canada could accidentally become what it is not.

***

17.25.4 Validity-by-Record, Correctionability, Supersession, Withdrawal, Retraction, Downgrade, Suspension, and Reinstatement Oversight.\
17.25.4(a) The Committee shall support oversight of validity-by-record, correctionability, supersession, withdrawal, retraction, downgrade, suspension, reclassification, reinstatement, retirement, archive, sealing, and deletion where lawful and required.

17.25.4(b) Validity-by-record means that institutional meaning arises through proper record, proper authority, proper review, proper scope, proper classification, and proper boundary language, not through memory, prestige, email, chat, verbal assurance, slide decks, informal consensus, sponsor narrative, provider narrative, or media repetition.

17.25.4(c) Correctionability means that inaccurate, outdated, unsupported, unsafe, overbroad, unauthorized, misleading, stale, or harmful records and outputs must be capable of correction through recorded processes.

17.25.4(d) The Committee shall monitor correction triggers, correction states, correction notices, downstream dependency review, correction closure, unresolved corrections, and public-safe or controlled notices.

17.25.4(e) Supersession, withdrawal, retraction, downgrade, suspension, and reinstatement shall identify affected materials, authority, effective date, prior status, replacement status, dependency review, notice requirements, and archive treatment.

17.25.4(f) The controlling rule shall be that no institutional meaning is durable unless recorded and no record is trustworthy unless correctable.

***

17.25.5 Incident Oversight and Lessons Learned.\
17.25.5(a) The Committee shall support oversight of material incidents and lessons learned.

17.25.5(b) Incidents may include cybersecurity incidents, data breaches, privacy incidents, AI incidents, repository incidents, software supply-chain incidents, dashboard or API incidents, Observatory or sensor incidents, public-safe publication incidents, Public Authority misdescription incidents, finance-boundary incidents, provider or sponsor misuse incidents, community safeguard incidents, protected knowledge incidents, physical security incidents where relevant, insider risk incidents, third-party incidents, and record incidents.

17.25.5(c) Incident oversight shall review intake, triage, severity classification, containment, evidence preservation, investigation, impact assessment, legal review, privacy review, cybersecurity review, Public Authority review, finance-boundary review, safeguards review, communications review, mitigation, notification, correction, withdrawal, retraction, recovery, and closeout.

17.25.5(d) Lessons learned shall identify root causes, control failures, training needs, policy changes, technical changes, access changes, public claims changes, records corrections, assurance changes, and recurrence-prevention actions.

17.25.5(e) The Committee shall ensure that incidents are not closed merely because immediate harm has stopped where underlying controls remain weak.

17.25.5(f) The controlling rule shall be that incidents must produce learning, correction, and strengthened controls.

***

17.25.6 Annual Assurance Report or Public-Safe Assurance Statement.\
17.25.6(a) The Committee shall support preparation of an annual assurance report, periodic assurance report, public-safe assurance statement, controlled assurance report, or internal assurance report as directed by the Board.

17.25.6(b) Assurance reporting may address mission lock, non-execution, public-good stack alignment, records integrity, evidence rail assurance, research integrity, publication assurance, data governance, AI governance, cybersecurity, Public Authority boundaries, finance boundaries, sponsor non-control, provider neutrality, protected knowledge safeguards, incident response, correctionability, and Nexus role separation.

17.25.6(c) Public-safe assurance statements shall be accurate, bounded, non-overclaiming, evidence-supported, limitation-aware, and shall avoid disclosure of personal, Public Authority, cyber-sensitive, infrastructure-sensitive, finance-sensitive, community-protected, protected knowledge, legal, or confidential materials.

17.25.6(d) Assurance statements shall not imply external audit, certification, regulatory approval, Public Authority approval, finance-readiness, insurance-readiness, provider preference, sponsor validation, or protocol effect unless proper authority and records exist.

17.25.6(e) The controlling rule shall be that assurance reporting should increase accountability without creating false assurance.

***

17.25.7 Control Testing, Corrective Action Tracking, and Closeout.\
17.25.7(a) The Committee shall support control testing, corrective action tracking, verification, and closeout.

17.25.7(b) Control testing shall assess whether key governance, records, evidence, methods, publication, data, AI, cybersecurity, Public Authority, finance-boundary, sponsor, provider, safeguards, protected knowledge, technical asset, and Nexus-interface controls operate as designed.

17.25.7(c) Corrective action plans shall identify finding, root cause, affected records, affected systems, affected participants, affected outputs, owner, custodian, required action, deadline, verification method, public-safe implications, controlled notice needs, Board reporting needs, and closeout criteria.

17.25.7(d) Closeout shall require evidence that corrective action was completed, verified, recorded, linked to relevant registers, and effective enough to reduce risk to an acceptable level.

17.25.7(e) Repeated, overdue, or ineffective corrective actions shall be escalated to the Board or appropriate committee.

17.25.7(f) The controlling rule shall be that assurance without closeout is incomplete governance.

***

17.25.8 Escalation of High-Risk Matters to Board.\
17.25.8(a) The Committee shall escalate high-risk matters to the Board where Board attention, Board decision, Board-reserved matter review, legal review, public-safe review, correction, or institutional direction is required.

17.25.8(b) High-risk matters include mission-lock risk, non-execution risk, Public Authority substitution risk, finance-boundary breach, public warning confusion, emergency command confusion, data breach, AI incident, cybersecurity incident, protected knowledge exposure, major publication failure, sponsor capture, provider capture, serious conflict breach, private benefit concern, legal noncompliance, public trust crisis, or Nexus role confusion.

17.25.8(c) Escalation shall identify facts known, uncertainty, affected materials, affected persons, affected communities, affected Public Authorities, affected systems, affected records, immediate containment, recommended action, decision needed, and correction path.

17.25.8(d) Where urgent risk exists, the Committee or authorized persons may recommend stop-the-line action, quarantine, access restriction, publication hold, release hold, public claims hold, Public Authority clarification, GRA routing, GRF routing, Protocol Authority routing, or legal review before the next regular Board meeting.

17.25.8(e) The controlling rule shall be that high-risk matters must reach the Board before silence becomes acceptance.

***

17.25.9 Risk, Issue, Control, Assurance, Correction, and Incident Registers.\
17.25.9(a) GCRI Canada shall maintain Risk, Issue, Control, Assurance, Correction, and Incident registers under Board and Committee oversight.

17.25.9(b) Registers may include institutional risk registers, issue registers, control registers, assurance registers, corrective action registers, correction registers, supersession registers, withdrawal registers, retraction registers, downgrade registers, suspension registers, reinstatement registers, incident registers, breach registers, record incident registers, and lessons-learned registers.

17.25.9(c) Registers shall identify owner, custodian, risk category, issue category, control, finding, incident, severity, affected records, affected systems, affected persons, affected communities, affected Public Authorities, affected outputs, authority source, classification, public-safe status, corrective action, deadline, verification, notice status, closeout, and residual risk.

17.25.9(d) Registers shall be reviewed periodically for overdue actions, recurring failures, systemic risk, control gaps, incomplete corrections, unclosed incidents, stale risks, and Board reporting needs.

17.25.9(e) The controlling rule shall be that institutional risk and correction must be visible by register before they can be governed.

***

17.25.10 Risk, Assurance, and Correction Committee Records.\
17.25.10(a) GCRI Canada shall maintain Risk, Assurance, and Correction Committee records.

17.25.10(b) Records shall include Committee charter, membership, meetings, agendas, materials reviewed, risk reports, issue reports, control reports, assurance plans, assurance findings, correction reviews, incident reviews, lessons-learned reviews, corrective action plans, escalation records, dissent notes, recommendations, decisions within delegated authority, and Board reports.

17.25.10(c) Records shall identify confidentiality, legal privilege where applicable, classification, public-safe status, data sensitivity, cybersecurity sensitivity, Public Authority sensitivity, finance sensitivity, protected knowledge status, owner, custodian, access limits, review cycle, and correction path.

17.25.10(d) Sensitive incident, breach, legal, cybersecurity, Public Authority, finance, personal, community-protected, or protected knowledge records shall be handled through restricted access, controlled annexes, legal files, incident rooms, clean rooms, or other secure means where required.

17.25.10(e) The controlling rule shall be that risk, assurance, and correction oversight must itself be auditable, confidential where required, and correctionable.

### 17.26 Advisory Councils, Leadership Councils, Helix Councils, and Technical Panels

17.26.1 Advisory Structures as Expertise, Challenge, Learning, Stakeholder-Formation, Legibility, and Public-Benefit Support Mechanisms.\
17.26.1(a) Advisory Councils, Leadership Councils, Helix Councils, technical panels, expert panels, public authority forums, safeguards forums, community forums, and similar advisory structures may be established to support GCRI Canada through expertise, challenge, learning, stakeholder formation, public-benefit legibility, technical review, public authority context, community insight, safeguards review, and cross-domain interpretation.

17.26.1(b) Advisory structures shall be designed to improve the quality, legitimacy, readability, challengeability, and public-benefit relevance of GCRI Canada’s evidence, methods, research, public-safe publications, technical baselines, public authority learning, data governance, AI governance, cybersecurity, community safeguards, protected knowledge controls, and Nexus interfaces.

17.26.1(c) Advisory structures shall not be created for symbolic endorsement, sponsor optics, provider visibility, public authority overclaim, media positioning, capital-reader confidence, founder convenience, or informal authority substitution.

17.26.1(d) Advisory structures may provide input, critique, review, recommendations, dissent, contextual intelligence, technical insight, community perspective, or public-interest challenge, but shall not bind GCRI Canada unless a lawful and recorded delegation expressly provides otherwise.

17.26.1(e) The controlling rule shall be that advisory structures strengthen Board and institutional judgment but do not replace lawful governance.

***

17.26.2 Leadership Council as Non-Statutory Advisory or Deliberative Body Unless Lawfully Constituted Otherwise.\
17.26.2(a) A Leadership Council, where established, shall be a non-statutory advisory, deliberative, convening, challenge, learning, stakeholder-formation, or public-benefit support body unless lawfully constituted otherwise by the articles, Bylaw, Board resolution, committee charter, or other lawful instrument.

17.26.2(b) The Leadership Council shall not exercise Board authority, fiduciary authority, officer authority, Public Authority authority, corporate authority, finance-readiness authority, certification authority, protocol authority, procurement authority, public warning authority, emergency command authority, or execution authority by default.

17.26.2(c) Leadership Council participation shall not create membership rights, governance control, voting rights, corporate office, authority to bind GCRI Canada, Public Authority endorsement, sponsor validation, provider preference, finance-readiness, recognition, certification, Nexus-compatible status, or execution authority.

17.26.2(d) The Leadership Council’s terms of reference shall identify purpose, composition, chair or facilitator, role, scope, meeting cadence, confidentiality, conflicts, records, outputs, public statements, dissent, closeout, and limits.

17.26.2(e) The controlling rule shall be that leadership advice is not leadership authority unless lawful authority is expressly recorded.

***

17.26.3 Helix Councils as Thematic, Sectoral, Regional, Technical, Public Authority, Safeguards, Community, or Cross-Domain Advisory Surfaces.\
17.26.3(a) Helix Councils, where established, may serve as thematic, sectoral, regional, technical, public authority, safeguards, community, academic, industry, civil society, capital-reader, or cross-domain advisory surfaces.

17.26.3(b) Helix Councils may support interpretation across domains including AI, AI-RAN, O-RAN, private wireless, cyber, sovereign compute, DePIN, geospatial systems, digital twins, climate, nature, WEFH systems, biosecurity, energy, semiconductors, advanced manufacturing, supply chains, infrastructure, public authority learning, community safeguards, and other exponential or mission-critical technologies.

17.26.3(c) Helix Councils shall be role-classified and shall not be used to imply public authority endorsement, sector endorsement, community consent, university validation, provider certification, sponsor approval, finance-readiness, maturity status, procurement preference, or execution authority.

17.26.3(d) Helix Council outputs shall be classified as advisory input, contextual note, technical input, dissent note, recommendation, draft, public-safe summary, controlled annex, or adopted output only where adopted by proper authority.

17.26.3(e) The controlling rule shall be that helix participation helps GCRI Canada hear the system without making any participant the system’s authority.

***

17.26.4 Scientific and Technical Advisory Council.\
17.26.4(a) A Scientific and Technical Advisory Council, where established, may provide scientific, engineering, technical, methodological, computational, cybersecurity, data, AI, observability, ontology, software, technical baseline, and research integrity input to GCRI Canada.

17.26.4(b) The Council may review evidence quality, method design, benchmark logic, technical claims, observability methods, Truth Engine Methods, AI governance methods, software release issues, model and dataset documentation, reproducibility limits, and technical uncertainty.

17.26.4(c) The Council shall not certify technologies, approve providers, approve systems, approve public authority adoption, issue protocol conformance, approve procurement, determine finance-readiness, grant recognition, or create execution authority.

17.26.4(d) Scientific and technical input shall be recorded with scope, assumptions, limitations, dissent, conflicts, sponsor or provider roles where relevant, public-safe status, and correction path.

17.26.4(e) The controlling rule shall be that scientific and technical advice improves evidence quality without becoming certification or authority.

***

17.26.5 Public Authority Advisory Forum.\
17.26.5(a) A Public Authority Advisory Forum, where established, may provide public-sector context, evidence-literacy needs, technical-literacy needs, AI-literacy needs, cyber-literacy needs, data governance context, public-safe interpretation needs, and lawful public authority perspective.

17.26.5(b) Public Authority Advisory Forum participation shall be capacity-classified before public description and may include observer status, regulator-listening status, public finance reader status, emergency-management participant status, public health participant status, infrastructure operator context, Indigenous government context, personal capacity, or other recorded capacity.

17.26.5(c) Public Authority Advisory Forum participation shall not create endorsement, adoption, regulation, procurement approval, funding approval, public finance approval, public warning, emergency command, sovereign obligation, public-private partnership, public adoption, or official guidance by GCRI Canada.

17.26.5(d) Public Authority names, logos, titles, agency names, jurisdictions, quotes, attendance, photographs, and data contributions shall be referenced only with proper approval and boundary language.

17.26.5(e) The controlling rule shall be that public authority advice improves public-sector learning without delegating public authority to GCRI Canada.

***

17.26.6 Community and Safeguards Advisory Forum.\
17.26.6(a) A Community and Safeguards Advisory Forum, where established, may provide community insight, safeguards challenge, protected knowledge guidance, accessibility perspective, grievance feedback, do-no-harm review, public-safe mapping input, and public-benefit legitimacy challenge.

17.26.6(b) The Forum shall support safeguards for Indigenous knowledge, Local knowledge, Territorial knowledge, Cultural knowledge, Environmental knowledge, Protected Knowledge, vulnerable communities, remote communities, protected persons, confidential sources, and affected public-interest participants.

17.26.6(c) Community or safeguards participation shall not be used to imply community consent, social license, Indigenous consent, protected knowledge authorization, public authority endorsement, sponsor validation, provider validation, or public claims approval unless proper authority and records expressly support the specific statement.

17.26.6(d) Forum participation shall include confidentiality, attribution, non-attribution, withdrawal, grievance, remedy, accessibility, AI-use restrictions, map-use restrictions, publication limits, and correction paths where applicable.

17.26.6(e) The controlling rule shall be that community and safeguards advice must protect participants from extraction, exposure, and symbolic use.

***

17.26.7 Data, AI, Cyber, Observatory, Truth Engine, Finance-Boundary, Standards-Support, and Publication Advisory Panels.\
17.26.7(a) GCRI Canada may establish Data, AI, Cyber, Observatory, Truth Engine, Finance-Boundary, Standards-Support, Publication, Public-Safe Mapping, Technical Release, Protected Knowledge, or other specialized advisory panels.

17.26.7(b) Such panels may provide expert input on data classification, AI-use controls, model registers, inference records, cybersecurity, repository security, secure release, observability methods, Truth Engine Methods, finance-boundary language, protocol-support evidence, public-safe publication, controlled vocabulary, technical claims, and correction.

17.26.7(c) A Finance-Boundary advisory panel shall not provide investment advice, securities advice, brokerage, underwriting, lending, insurance advice, rating, guarantee, public finance approval, or GRA finance-readiness determinations by default.

17.26.7(d) A Standards-Support advisory panel shall not create protocol effect, conformance status, role keys, smart licenses, entitlement states, proof-receipt authority, or certification by default.

17.26.7(e) A Publication advisory panel shall not authorize publication unless publication authority is expressly delegated and recorded.

17.26.7(f) The controlling rule shall be that specialized advisory panels support review and interpretation without creating authority beyond their mandate.

***

17.26.8 Advisory Structures Shall Not Exercise Board Authority, Fiduciary Authority, Public Authority, Certification Authority, Finance-Readiness Authority, Procurement Authority, Protocol Authority, or Execution Authority by Default.\
17.26.8(a) Advisory structures shall not exercise Board authority, fiduciary authority, corporate authority, officer authority, Public Authority authority, certification authority, finance-readiness authority, procurement authority, protocol authority, public warning authority, emergency command authority, or execution authority by default.

17.26.8(b) Advisory recommendations, minutes, statements, attendance, dissent, technical input, public authority context, community input, sponsor input, provider input, or capital-reader input shall not bind GCRI Canada unless adopted through proper authority and record.

17.26.8(c) Advisory structures shall not issue recognition, maturity status, finance-readiness, insurance-readiness, certification, procurement approval, public authority approval, public warning, emergency command, protocol effect, provider preference, sponsor validation, Nexus-compatible status, or execution instruction.

17.26.8(d) Any advisory output that could be misread as authority shall include boundary language and shall be corrected where overclaimed.

17.26.8(e) The controlling rule shall be that advisory authority is advisory unless lawful authority expressly says otherwise.

***

17.26.9 Advisory Structure Terms, Conflicts, Confidentiality, Output Status, Dissent, Public Statements, and Closeout.\
17.26.9(a) Each material advisory structure shall have terms of reference or equivalent records identifying purpose, authority source, membership, chair or facilitator, scope, duration, meeting cadence, records, confidentiality, conflicts, access rights, output status, dissent treatment, public statement rules, and closeout.

17.26.9(b) Participants shall disclose conflicts, affiliations, financial interests, sponsor relationships, provider relationships, Public Authority roles, capital interests, National Company interests, Project SPV interests, academic interests, technical interests, IP interests, and data interests where relevant.

17.26.9(c) Advisory outputs shall be classified as draft, advisory input, technical input, recommendation, dissent note, contextual note, public-safe summary, controlled annex, restricted annex, adopted output, or archive.

17.26.9(d) Advisory participants shall not make public statements on behalf of GCRI Canada unless expressly authorized and shall not use participation to imply endorsement, authority, recognition, certification, finance-readiness, procurement advantage, provider preference, sponsor validation, Public Authority approval, or Nexus-compatible status.

17.26.9(e) Closeout shall address access revocation, materials disposition, confidentiality survival, public claims correction, records completion, and unresolved dissent or correction issues.

17.26.9(f) The controlling rule shall be that advisory participation must be bounded from admission through closeout.

***

17.26.10 Advisory Council and Panel Registers.\
17.26.10(a) GCRI Canada shall maintain Advisory Council and Panel registers for material advisory structures.

17.26.10(b) Registers shall identify advisory structure name, authority source, terms of reference, purpose, members, affiliations, roles, chair or facilitator, term, meetings, access rights, conflicts, confidentiality status, output classes, public reference permissions, public statement restrictions, dissent notes, recommendations, adopted outputs, corrections, suspensions, dissolution, and closeout.

17.26.10(c) Registers shall distinguish advisory structures from Board committees, statutory bodies, corporate offices, Public Authority bodies, GRF bodies, GRA bodies, Protocol Authority bodies, National Companies, Project SPVs, and execution actors.

17.26.10(d) Registers shall be reviewed periodically for stale structures, unclear authority, unmanaged conflicts, public claims risk, inactive memberships, unresolved outputs, and closeout needs.

17.26.10(e) The controlling rule shall be that advisory structures must be register-valid because informal advisory surfaces can otherwise become shadow authority.

***

### 17.27 Working Groups and Technical Task Forces

17.27.1 Working Groups as Time-Bound or Standing Technical, Research, Drafting, Evidence, Method, Policy, Safeguard, or Implementation-Support Groups.\
17.27.1(a) Working Groups may be established as time-bound or standing technical, research, drafting, evidence, method, policy, safeguard, public authority learning, data, AI, cybersecurity, publication, ontology, software, technical baseline, or implementation-support groups.

17.27.1(b) Working Groups shall support GCRI Canada by preparing drafts, testing methods, reviewing evidence, developing recommendations, producing technical inputs, identifying risks, supporting public-safe materials, and assisting implementation within recorded scope.

17.27.1(c) Working Groups shall not be used as substitutes for Board approval, committee authority, officer authority, Public Authority action, GRF recognition, GRA finance-readiness, Protocol Authority effect, certification, procurement decision, or execution activity.

17.27.1(d) Working Groups may be internal, external, mixed, cross-institutional, technical, community-facing, public authority-facing, or Nexus-interface groups, provided their role, access, outputs, records, and boundaries are clearly defined.

17.27.1(e) The controlling rule shall be that Working Groups may do disciplined preparatory work but shall not create institutional effect by default.

***

17.27.2 Working Group Mandate, Scope, Chair, Members, Deliverables, Timeline, Records, Conflicts, and Closeout.\
17.27.2(a) Each material Working Group shall have a mandate or terms of reference identifying purpose, authority source, scope, chair or facilitator, members, deliverables, timeline, records, conflicts, confidentiality, access rights, public claims limits, review gates, and closeout.

17.27.2(b) The mandate shall state whether the Working Group may draft, test, review, recommend, advise, monitor, prepare materials, or support implementation, and shall state what it may not do.

17.27.2(c) Working Group membership shall be appropriate to role, sensitivity, expertise, independence, conflicts, Public Authority involvement, finance sensitivity, provider involvement, sponsor involvement, protected knowledge exposure, data access, AI use, and cybersecurity risk.

17.27.2(d) Deliverables shall identify output class, intended reviewer, adoption pathway, publication pathway if any, public-safe status, limitations, and correction path.

17.27.2(e) Closeout shall address records, unresolved issues, access revocation, materials disposition, public claims correction, dependency handoff, and archive.

17.27.2(f) The controlling rule shall be that Working Groups require defined mandates because undefined work becomes undefined authority.

***

17.27.3 Technical Task Forces for High-Risk or Specialized Domains.\
17.27.3(a) Technical Task Forces may be established for high-risk or specialized domains requiring concentrated expertise, rapid review, incident response, method development, technical release review, secure release, controlled technology review, public-safe mapping review, AI review, cybersecurity review, or Nexus-interface review.

17.27.3(b) Such domains may include AI, agentic AI, AI-RAN, O-RAN, DePIN, sovereign compute, verifiable compute, cybersecurity, operational technology, critical infrastructure, sensors, geospatial systems, digital twins, biosecurity, health-sensitive data, climate and disaster systems, energy, semiconductors, advanced manufacturing, supply chains, space, and other mission-critical technologies.

17.27.3(c) Technical Task Forces shall operate under heightened controls where they involve sensitive data, Public Authority Data, protected knowledge, cyber-sensitive materials, infrastructure-sensitive materials, controlled technology, export-control risk, finance-sensitive materials, or public-safe release.

17.27.3(d) Technical Task Force outputs shall be reviewed before publication, release, interface use, Public Authority reference, finance-facing use, provider use, sponsor use, or adoption.

17.27.3(e) The controlling rule shall be that high-risk technical work requires stronger scope, records, security, and review.

***

17.27.4 Working Groups May Draft, Test, Review, Recommend, or Support but Shall Not Bind GCRI Canada Unless Delegated.\
17.27.4(a) Working Groups may draft, test, review, recommend, support, document, analyze, benchmark, prototype, or prepare materials, but shall not bind GCRI Canada unless proper authority expressly delegates a defined action.

17.27.4(b) Working Group recommendations shall not be treated as Board decisions, committee decisions, officer decisions, public-safe publication authority, technical release authority, recognition, finance-readiness, certification, protocol effect, Public Authority approval, procurement approval, provider preference, sponsor validation, or execution authority.

17.27.4(c) Working Group chairs and participants shall not sign agreements, approve publications, release software, approve datasets, grant data access, approve public authority references, approve finance-facing materials, or make public statements unless separately authorized.

17.27.4(d) Any Working Group action beyond mandate shall be held, reviewed, corrected, ratified only where lawful and appropriate, or rescinded.

17.27.4(e) The controlling rule shall be that Working Group output becomes institutional only through adoption, delegation, or proper record.

***

17.27.5 Working Group Outputs Shall Be Classified as Draft, Recommendation, Technical Input, Public-Safe Output, or Adopted Output.\
17.27.5(a) Working Group outputs shall be classified before circulation, reliance, publication, technical release, public authority use, finance-facing use, provider use, sponsor use, or Nexus-interface use.

17.27.5(b) Output classes may include internal draft, controlled draft, recommendation, technical input, evidence note, method note, dissent note, public-safe output, controlled annex, restricted annex, adopted output, superseded output, withdrawn output, retracted output, archived output, or other approved class.

17.27.5(c) Draft and recommendation outputs shall include language stating that they are not adopted institutional positions unless and until approved by proper authority.

17.27.5(d) Adopted outputs shall identify adopting authority, date, version, scope, limitations, public-safe status, repository location, and correction path.

17.27.5(e) The controlling rule shall be that output classification prevents draft work from becoming institutional meaning by circulation.

***

17.27.6 Working Group Participation Does Not Create Certification, Recognition, Finance-Readiness, Public Authority Approval, Procurement Advantage, Provider Preference, Sponsor Control, or Execution Authority.\
17.27.6(a) Working Group participation shall not create certification, recognition, maturity status, finance-readiness, insurance-readiness, Public Authority approval, procurement advantage, provider preference, sponsor validation, Nexus-compatible status, protocol effect, public warning authority, emergency command authority, or execution authority.

17.27.6(b) Attendance, contribution, authorship, review, testing, benchmarking, technical input, Public Authority context, sponsor support, provider support, host support, capital-reader participation, university participation, community participation, or Nexus participation shall not create status by implication.

17.27.6(c) Participants shall not use Working Group participation in press releases, websites, social media, investor materials, procurement materials, grant materials, public authority materials, sponsor materials, provider materials, or media statements without approved wording where risk exists.

17.27.6(d) Unauthorized claims shall require correction, withdrawal, public-safe clarification, controlled notice, access restriction, suspension, termination, or other remedy.

17.27.6(e) The controlling rule shall be that Working Group participation is contribution, not credential.

***

17.27.7 Working Group Records, Dissent, Minority Notes, and Review.\
17.27.7(a) Working Groups shall maintain records proportionate to role and risk, including mandate, membership, meetings, materials reviewed, outputs, conflicts, recusals, dissent, minority notes, recommendations, review status, corrective actions, and closeout.

17.27.7(b) Dissent and minority notes shall be recorded where material to evidence quality, method integrity, technical uncertainty, public-safe status, protected knowledge, Public Authority boundaries, finance boundaries, provider neutrality, sponsor non-control, or public trust.

17.27.7(c) Working Group records shall distinguish factual record, discussion, draft language, recommendation, unresolved issue, dissent, and adopted output.

17.27.7(d) Records shall be classified, access-controlled, repository-deposited where appropriate, corrected where inaccurate, and archived at closeout.

17.27.7(e) The controlling rule shall be that Working Group disagreement is governance signal and should not be erased for narrative convenience.

***

17.27.8 Working Group Public Statements Require Authorization.\
17.27.8(a) Working Group public statements require authorization.

17.27.8(b) No Working Group chair, member, contributor, advisor, sponsor, provider, Public Authority participant, community participant, university participant, capital reader, or Nexus participant shall speak for GCRI Canada or the Working Group publicly unless authorized by proper authority and within approved scope.

17.27.8(c) Public statements shall use controlled vocabulary, approved boundary language, accurate role descriptions, public-safe content, and proper reference approvals.

17.27.8(d) Working Group materials shall not be shared publicly, posted online, quoted, used in media, included in tender materials, used in investor materials, or cited in public authority materials unless publication or reference is approved.

17.27.8(e) The controlling rule shall be that Working Group voice is not public voice without authorization.

***

17.27.9 Working Group Misuse or Overclaim Requires Correction.\
17.27.9(a) Misuse or overclaim of Working Group participation, outputs, materials, drafts, recommendations, names, logos, technical inputs, public authority involvement, sponsor involvement, provider involvement, or Nexus references shall require correction.

17.27.9(b) Misuse includes presenting drafts as adopted, presenting recommendations as decisions, presenting participation as certification, presenting Public Authority attendance as endorsement, presenting provider participation as preference, presenting sponsor support as control, presenting evidence input as finance-readiness, or presenting technical input as protocol effect.

17.27.9(c) Corrective action may include public-safe clarification, controlled notice, withdrawal, retraction, takedown request, access restriction, participant discipline, Working Group suspension, output reclassification, or Board escalation.

17.27.9(d) Misuse shall be reviewed for downstream dependencies, public claims, Public Authority confusion, finance risk, procurement risk, provider benefit, sponsor benefit, media amplification, and public trust harm.

17.27.9(e) The controlling rule shall be that Working Group overclaim must be corrected before it becomes external reliance.

***

17.27.10 Working Group Register and Assurance.\
17.27.10(a) GCRI Canada shall maintain a Working Group Register and Working Group Assurance process.

17.27.10(b) The Register shall identify Working Group name, authority source, mandate, chair, members, affiliations, conflicts, purpose, scope, term, deliverables, output classes, access rights, confidentiality status, public claims limits, records location, review cycle, status, suspension, dissolution, and closeout.

17.27.10(c) Working Group Assurance shall review whether Working Groups remain necessary, scoped, active, conflict-managed, records-valid, output-classified, access-controlled, public-safe, and within mandate.

17.27.10(d) Assurance findings may require mandate revision, membership change, access restriction, output correction, public claims correction, training, suspension, dissolution, or Board or committee reporting.

17.27.10(e) The controlling rule shall be that Working Groups must be periodically assured because practical work can become hidden institutional authority.

***

### 17.28 Conflicts of Interest and Related-Party Transactions

17.28.1 Conflict Controls as Core Public-Good Safeguard.\
17.28.1(a) Conflict controls shall be a core public-good safeguard of GCRI Canada.

17.28.1(b) Conflict controls shall protect mission lock, fiduciary duty, evidence integrity, research integrity, methods integrity, public-safe publication, data rights, cybersecurity, protected knowledge, Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, anti-inurement, anti-capture, legal separateness, and public trust.

17.28.1(c) Conflicts shall be assessed in fact, appearance, and influence risk, including direct, indirect, financial, institutional, professional, personal, technical, data, AI, IP, sponsor, provider, Public Authority, capital, National Company, Project SPV, university, community, and Nexus-interface conflicts.

17.28.1(d) A conflict shall not be ignored because the conflicted person has expertise, status, funding value, public authority role, technical indispensability, founder proximity, sponsor relationship, provider relationship, or public visibility.

17.28.1(e) The controlling rule shall be that public-good trust requires conflict disclosure, mitigation, recusal, records, and correction.

***

17.28.2 Covered Persons: Directors, Officers, Staff, Committee Members, Council Participants, Fellows, Advisors, Contractors, Researchers, Contributors, Sponsors, Providers, Hosts, Donors, Funders, Public Authorities, Universities, and Related Parties Where Applicable.\
17.28.2(a) Conflict rules shall apply to covered persons according to role, access, authority, influence, public visibility, data access, public authority involvement, finance involvement, technical involvement, protected knowledge exposure, and risk.

17.28.2(b) Covered persons may include Directors, Officers, employees, staff, committee members, advisory council participants, Leadership Council participants, Helix Council participants, panel participants, Working Group participants, fellows, scholars, advisors, contractors, researchers, reviewers, contributors, maintainers, developers, sponsors, donors, funders, grantors, providers, vendors, hosts, Public Authorities, universities, laboratories, community participants, media participants, capital readers, National Companies, Project SPVs, Nexus-interface actors, and related parties.

17.28.2(c) A person shall not avoid conflict obligations by acting through an affiliate, employer, related entity, family member, controlled entity, sponsored project, consulting arrangement, investment vehicle, or informal representative.

17.28.2(d) Conflict obligations shall be proportionate but shall apply wherever a person may influence or appear to influence GCRI Canada’s decisions, records, evidence, methods, publications, technical assets, access, public claims, or interfaces.

17.28.2(e) The controlling rule shall be that conflict coverage follows influence, not title alone.

***

17.28.3 Financial Conflicts.\
17.28.3(a) Financial conflicts include direct or indirect financial interests that may affect or appear to affect judgment, access, recommendation, evidence selection, method selection, publication, technical release, Public Authority interface, finance-facing material, procurement-sensitive context, provider treatment, sponsor treatment, or correction.

17.28.3(b) Financial conflicts may include compensation, consulting fees, equity, options, warrants, tokens, debt, revenue shares, commissions, referral fees, success fees, grants, sponsorships, donations, employment, board roles, advisory roles, contractor payments, vendor relationships, investment interests, insurance interests, lending interests, procurement interests, or project interests.

17.28.3(c) Financial conflicts shall be disclosed before affected participation, decision, review, access, recommendation, publication, release, or public claim.

17.28.3(d) Mitigation may include recusal, abstention, independent review, access restriction, public-safe disclosure, role narrowing, firewalls, refusal of participation, or termination of involvement.

17.28.3(e) The controlling rule shall be that financial interests must not determine institutional truth, access, or public meaning.

***

17.28.4 Institutional Conflicts.\
17.28.4(a) Institutional conflicts include conflicts arising from employment, board roles, advisory roles, public office, sponsorship, funding, provider relationships, host relationships, academic relationships, Public Authority roles, capital-reader roles, National Company roles, Project SPV roles, media roles, or Nexus-interface roles.

17.28.4(b) Institutional conflicts may arise where an institution seeks legitimacy, access, public authority proximity, finance signal, procurement advantage, provider status, sponsor visibility, publication influence, data access, technical baseline influence, or Nexus positioning.

17.28.4(c) Institutional affiliation shall not automatically disqualify participation, but shall be disclosed, classified, mitigated, and recorded where influence risk exists.

17.28.4(d) Institutional conflicts may require role separation, non-attribution, access restriction, committee exclusion, independent review, separate teams, public claims limits, or refusal of participation.

17.28.4(e) The controlling rule shall be that institutional relationships must be visible enough to govern.

***

17.28.5 Research Conflicts.\
17.28.5(a) Research conflicts include conflicts affecting research agenda, protocol design, data selection, method selection, benchmark design, model evaluation, interpretation, peer review, publication timing, publication conclusions, public-safe framing, correction, withdrawal, or retraction.

17.28.5(b) Research conflicts may arise from funding source, sponsor relationship, provider relationship, host relationship, academic competition, authorship interest, publication incentive, career interest, IP interest, prior position, advocacy role, political interest, public authority role, data ownership, or technical asset interest.

17.28.5(c) Research conflicts shall be disclosed in research records, reviewer records, publication records, public-safe summaries, controlled annexes, and correction records where appropriate.

17.28.5(d) Mitigation may include independent review, reviewer recusal, additional peer review, limitation language, public-safe disclosure, method transparency, data access restriction, and separation between funder and research team.

17.28.5(e) The controlling rule shall be that research independence must be protected in design, review, publication, and correction.

***

17.28.6 Data, AI, Cybersecurity, IP, Software, and Technical Asset Conflicts.\
17.28.6(a) Data, AI, cybersecurity, IP, software, and technical asset conflicts include conflicts affecting data access, AI tool selection, model selection, retrieval source selection, repository access, software contribution, technical baseline development, license choice, secure release, vulnerability disclosure, dependency selection, IP ownership, contributor rights, or technical claims.

17.28.6(b) Such conflicts may arise from relationships with AI providers, cloud providers, cybersecurity providers, data vendors, software vendors, telecommunications providers, AI-RAN providers, O-RAN providers, DePIN providers, sensor providers, dashboard providers, repository providers, standards actors, patent holders, open-source projects, or competing technical systems.

17.28.6(c) Conflicts shall be reviewed for self-preferencing, technical asset capture, hidden proprietary advantage, data extraction, model training misuse, license capture, dependency capture, vulnerability suppression, secure release bias, and public-good asset enclosure.

17.28.6(d) Mitigation may include repository access restriction, independent maintainer review, license review, IP review, security review, SBOM review, no-merge restrictions, no-release restrictions, clean room use, or public-safe disclosure where appropriate.

17.28.6(e) The controlling rule shall be that technical conflicts must not become hidden control of public-good assets.

***

17.28.7 Public Authority Conflicts.\
17.28.7(a) Public Authority conflicts include conflicts arising from public office, agency role, regulator role, procurement role, public finance role, emergency-management role, public health role, public infrastructure role, policy role, data-provider role, or public authority affiliation.

17.28.7(b) Public Authority conflicts shall be reviewed for endorsement implication, regulatory implication, procurement implication, funding implication, public finance implication, public warning implication, emergency command implication, public adoption implication, sovereign obligation implication, and Public Authority Data misuse.

17.28.7(c) Public Authority participants shall be capacity-classified and shall not participate in a manner that creates improper influence, procurement advantage, regulatory advantage, finance signal, provider preference, sponsor benefit, or public authority confusion.

17.28.7(d) Mitigation may include capacity limitation, reference approval, non-attribution, recusal, access restriction, do-not-discuss rules, Public Authority Data restrictions, or legal review.

17.28.7(e) The controlling rule shall be that public authority roles must be managed because public power can be implied by proximity.

***

17.28.8 Finance, Capital, Insurance, Lending, Rating, and Public Finance Conflicts.\
17.28.8(a) Finance, capital, insurance, lending, rating, and public finance conflicts include conflicts involving investors, lenders, insurers, underwriters, brokers, finders, rating actors, guarantors, public finance actors, MDB or DFI actors, grant actors, capital readers, finance advisors, or persons with interests in finance-facing outcomes.

17.28.8(b) Such conflicts shall be reviewed for investment advice implication, solicitation implication, brokerage implication, underwriting implication, lending implication, insurance implication, rating implication, guarantee implication, public finance approval implication, capital commitment implication, and GRA role substitution.

17.28.8(c) Covered persons with finance conflicts shall not shape evidence, proof packs, public-safe summaries, capital-reader materials, GRA inputs, National Company materials, Project SPV materials, public finance references, or finance-sensitive publications in a manner that creates improper finance signal.

17.28.8(d) Mitigation may include finance-boundary review, GRA routing, no-reliance language, access restriction, recusal, independent review, legal review, or refusal.

17.28.8(e) The controlling rule shall be that finance-facing conflicts must be managed before evidence becomes capital signal.

***

17.28.9 Sponsor, Provider, Host, National Company, Project SPV, and Vendor Conflicts.\
17.28.9(a) Sponsor, provider, host, National Company, Project SPV, and vendor conflicts shall be reviewed where those actors may influence or benefit from GCRI Canada’s evidence, methods, publications, Public Authority interfaces, technical baselines, rooms, data access, benchmarks, public claims, or Nexus interfaces.

17.28.9(b) Sponsor conflicts include outcome purchase, publication suppression, sponsor veto, public authority access purchase, narrative influence, correction suppression, or control over institutional truth.

17.28.9(c) Provider and vendor conflicts include provider preference, procurement advantage, benchmark distortion, technical baseline capture, public authority approval implication, certification implication, data access misuse, and technical asset enclosure.

17.28.9(d) National Company and Project SPV conflicts include finance signal, procurement advantage, public authority adoption overclaim, execution drift, related-party risk, and improper use of GCRI Canada materials.

17.28.9(e) Mitigation may include separation, access restriction, independent review, public claims review, procurement-safety controls, finance-boundary review, contract amendment, or termination.

17.28.9(f) The controlling rule shall be that enterprise-adjacent interests must not steer public-good stewardship.

***

17.28.10 Related-Party Transaction Review, Fairness Determination, Disinterested Approval, Recusal, Records, and Legal Compliance.\
17.28.10(a) Related-party transactions shall require review for legality, fairness, reasonableness, mission fit, private benefit, anti-inurement, conflicts, public trust, public-good asset protection, and compliance with applicable law and governing instruments.

17.28.10(b) Related parties may include Directors, Officers, members where applicable, employees, contractors, fellows, advisors, sponsors, providers, donors, funders, hosts, family members, affiliated entities, controlled entities, National Companies, Project SPVs, or persons with material influence over GCRI Canada.

17.28.10(c) Related-party review shall include disclosure, conflict classification, recusal, disinterested review, independent valuation or reasonableness assessment where applicable, fair-market or fair-value analysis where appropriate, mission-benefit justification, legal review where required, and proper records.

17.28.10(d) Disinterested approval shall be obtained where required and conflicted persons shall not improperly participate in deliberation, recommendation, approval, access, or implementation.

17.28.10(e) The controlling rule shall be that related-party transactions must be independently justified and records-valid before effect.

***

17.28.11 Conflict Violations, Correction, Restricted Access, Removal, Termination, Public Clarification, or Legal Review.\
17.28.11(a) Conflict violations include failure to disclose, incomplete disclosure, false disclosure, failure to update, violation of recusal, improper access, influence contrary to mitigation, hidden related-party benefit, public claims misuse, sponsor influence, provider preference, finance overclaim, or use of GCRI Canada materials for conflicted advantage.

17.28.11(b) Conflict violations shall require response proportionate to seriousness, intent, recurrence, concealment, affected decisions, affected records, affected materials, public reliance, legal risk, data risk, Public Authority risk, finance risk, procurement risk, sponsor or provider benefit, and public trust risk.

17.28.11(c) Corrective action may include record correction, reconsideration, ratification where lawful, rescission, recusal order, restricted access, independent review, public-safe clarification, controlled notice, removal from role, suspension, termination, contractual remedy, legal review, or Board reporting.

17.28.11(d) Affected decisions, publications, technical releases, data access, Public Authority references, finance-facing materials, sponsor references, provider references, and downstream dependencies shall be reviewed where conflict violation may have affected institutional meaning.

17.28.11(e) The controlling rule shall be that conflict violations require repair of the affected governance record, not only discipline of the person.

***

17.28.12 Conflict and Related-Party Transaction Register.\
17.28.12(a) GCRI Canada shall maintain a Conflict and Related-Party Transaction Register.

17.28.12(b) The Register shall identify covered person, role, conflict type, affected entities, affected matters, disclosure date, review status, mitigation, recusal, access restriction, independent review, related-party transaction status, fairness determination, approval authority, legal review where applicable, breach status, corrective action, review date, and closeout.

17.28.12(c) The Register shall link to Board records, committee records, delegation records, access records, data records, publication records, sponsorship records, provider records, Public Authority records, finance records, technical asset records, and correction records where applicable.

17.28.12(d) Access to the Register shall be restricted according to confidentiality, privacy, legal privilege, governance need, and public-safe requirements.

17.28.12(e) The controlling rule shall be that conflicts and related-party transactions must be visible to governance even where not publicly disclosed.

***

### 17.29 Recusal, Restricted Access, and Independent Review

17.29.1 Recusal Required Where Conflict, Bias, Influence Risk, or Appearance Risk Requires.\
17.29.1(a) Recusal shall be required where conflict, bias, influence risk, appearance risk, related-party interest, financial interest, institutional interest, sponsor relationship, provider relationship, Public Authority role, capital interest, National Company interest, Project SPV interest, data interest, IP interest, or technical dependency could materially affect judgment or public trust.

17.29.1(b) Recusal may be required even where the affected person believes they can act fairly, if a reasonable person could question independence, impartiality, or public-good alignment.

17.29.1(c) Recusal shall be applied before deliberation, recommendation, approval, access, publication, release, public claim, interface decision, or implementation where risk exists.

17.29.1(d) Recusal shall not be used as a substitute for broader corrective action where the conflict is structural, repeated, unmanageable, or affects prior decisions.

17.29.1(e) The controlling rule shall be that recusal protects institutional judgment from both actual and apparent influence.

***

17.29.2 Recusal From Deliberation, Recommendation, Approval, Data Access, Review, Publication, Public Claims, Technical Release, or Interface Decision Where Appropriate.\
17.29.2(a) Recusal may apply to deliberation, recommendation, approval, voting, decision preparation, data access, evidence review, method review, research review, peer review, publication review, public claims review, technical release review, Public Authority reference review, finance-boundary review, procurement-sensitive review, provider review, sponsor review, or Nexus-interface decision.

17.29.2(b) A recused person shall not receive restricted materials, attend restricted discussion, influence reviewers, draft conclusions, negotiate outcomes, communicate unofficial instructions, or use informal channels to influence the matter.

17.29.2(c) Partial recusal may be used where a person may provide factual or technical input but must not participate in deliberation, recommendation, or approval.

17.29.2(d) The scope of recusal shall be recorded and enforced through meeting procedures, access controls, records restrictions, and minutes or equivalent records.

17.29.2(e) The controlling rule shall be that recusal must remove influence, not merely remove a vote.

***

17.29.3 Restricted Access for Conflicted Persons.\
17.29.3(a) Restricted access shall be imposed where a conflicted person’s access to records, data, technical assets, rooms, repositories, dashboards, maps, public authority materials, finance-sensitive materials, protected knowledge, or publications could create private advantage, public claims misuse, provider preference, sponsor benefit, finance signal, procurement distortion, Public Authority confusion, or public trust risk.

17.29.3(b) Access restrictions may apply to Board packets, committee materials, controlled annexes, data rooms, clean rooms, Public Authority rooms, capital-reader rooms, repositories, issue trackers, technical release branches, datasets, model registers, inference records, incident rooms, and correction records.

17.29.3(c) Restricted access shall be role-based, purpose-bound, time-limited where appropriate, logged where appropriate, and reviewed periodically.

17.29.3(d) Access restriction shall not relieve the person of confidentiality, non-use, non-disclosure, public claims, data protection, cybersecurity, or correction obligations.

17.29.3(e) The controlling rule shall be that conflicted persons shall not receive sensitive institutional materials merely because they hold a title.

***

17.29.4 Independent Review for High-Risk Conflicts.\
17.29.4(a) Independent review shall be required where high-risk conflicts affect Board decisions, related-party transactions, research outputs, publications, technical releases, Public Authority interfaces, finance-facing materials, procurement-sensitive contexts, protected knowledge, data access, AI use, cybersecurity, sponsor relationships, provider relationships, or Nexus interfaces.

17.29.4(b) Independent review may be internal or external, provided the reviewer is sufficiently independent, qualified, conflict-reviewed, confidentiality-bound, and authorized.

17.29.4(c) Independent review shall assess evidence, process, conflicts, influence, source records, legal compliance, public-safe status, limitations, boundary language, and correction path.

17.29.4(d) The results of independent review shall be recorded, including scope, reviewer, limitations, findings, dissent where applicable, conditions, and recommendations.

17.29.4(e) The controlling rule shall be that high-risk conflicts require review by someone not captured by the conflict.

***

17.29.5 Independent Legal, Technical, Research, Data, AI, Cybersecurity, Public Authority, Finance, Safeguards, or Publication Review Where Needed.\
17.29.5(a) GCRI Canada may require independent legal, technical, research, data, AI, cybersecurity, Public Authority, finance-boundary, safeguards, protected knowledge, publication, or public claims review where risk, complexity, conflict, uncertainty, or public reliance warrants.

17.29.5(b) Legal review may be required for corporate authority, fiduciary duty, nonprofit status, tax, privacy, data, employment, contract, sanctions, export-control, public authority, procurement, finance, IP, litigation, or liability issues.

17.29.5(c) Technical review may be required for software, AI systems, cybersecurity, secure release, repositories, technical baselines, benchmarks, datasets, dashboards, maps, APIs, schemas, compute environments, and controlled technology.

17.29.5(d) Safeguards and Public Authority review may be required for protected knowledge, community participation, Indigenous knowledge, Public Authority Data, public-safe mapping, public warnings, emergency command, public finance, and public authority references.

17.29.5(e) Finance-boundary review may be required for capital-reader materials, GRA inputs, National Company materials, Project SPV materials, insurance references, public finance references, and finance-sensitive publications.

17.29.5(f) The controlling rule shall be that independent review should match the risk domain.

***

17.29.6 Recusal Does Not Eliminate Duty to Maintain Confidentiality.\
17.29.6(a) Recusal, restricted access, role limitation, suspension, resignation, termination, or closeout shall not eliminate the duty to maintain confidentiality.

17.29.6(b) A recused or restricted person shall not use, disclose, summarize, share, publish, train on, embed, retrieve, forward, quote, commercialize, or otherwise exploit information obtained before recusal or restriction.

17.29.6(c) Confidentiality duties shall apply to Board materials, committee materials, advisory materials, data, AI outputs, protected knowledge, Public Authority Data, finance-sensitive materials, sponsor materials, provider materials, technical releases, repositories, credentials, secrets, legal materials, and correction records.

17.29.6(d) Breach of confidentiality after recusal shall be treated as a separate breach and may require discipline, access revocation, correction, controlled notice, public-safe notice, contractual remedy, or legal review.

17.29.6(e) The controlling rule shall be that recusal removes influence but preserves confidentiality.

***

17.29.7 Improper Participation by Conflicted Person Requires Correction or Reconsideration.\
17.29.7(a) Improper participation by a conflicted person shall require correction, reconsideration, ratification where lawful and appropriate, rescission, access review, public claims review, or other remedy proportionate to the effect.

17.29.7(b) Improper participation includes failure to recuse, attendance during restricted deliberation, unauthorized access, informal influence, drafting conclusions, communicating pressure, voting, approving, recommending, shaping publication, shaping technical release, shaping Public Authority reference, or shaping finance-facing material.

17.29.7(c) Affected decisions shall be reviewed for whether the conflict materially influenced outcome, process, record, public claim, publication, technical release, access grant, or downstream reliance.

17.29.7(d) Where improper participation affected external materials, GCRI Canada shall consider public-safe clarification, controlled notice, correction, withdrawal, retraction, or other correction state.

17.29.7(e) The controlling rule shall be that conflicted participation can contaminate institutional meaning and must be repaired.

***

17.29.8 Recusal and Restricted Access Records.\
17.29.8(a) GCRI Canada shall maintain recusal and restricted access records.

17.29.8(b) Records shall identify person, role, matter, conflict or risk, recusal scope, access restriction, affected materials, affected meetings, affected records, decision authority, start date, end date or review date, confidentiality obligations, enforcement method, breach status, and closeout.

17.29.8(c) Records shall link to conflict records, Board minutes, committee records, access logs, data room logs, clean room logs, repository records, Public Authority records, finance-boundary records, publication records, technical release records, and correction records where applicable.

17.29.8(d) Recusal records shall be handled with appropriate confidentiality and public-safe controls.

17.29.8(e) The controlling rule shall be that recusal must be recorded to be enforceable and auditable.

***

17.29.9 Review of Repeated or Structural Conflicts.\
17.29.9(a) Repeated or structural conflicts shall be reviewed for whether individual mitigation is sufficient or whether broader governance action is required.

17.29.9(b) Structural conflicts may arise where Board composition, committee composition, funding dependency, provider dependency, technical dependency, public authority proximity, capital-reader relationships, founder control, sponsor support, or Nexus-interface arrangements create recurring influence risk.

17.29.9(c) Review may result in composition changes, committee restructuring, delegation changes, access redesign, funding diversification, provider separation, independent review requirements, public claims restrictions, relationship termination, or Board action.

17.29.9(d) Repeated recusal that prevents a person from performing core duties may trigger role reassignment, non-renewal, removal where lawful, or relationship redesign.

17.29.9(e) The controlling rule shall be that repeated conflict is a governance architecture problem, not merely a disclosure problem.

***

17.29.10 Recusal Assurance.\
17.29.10(a) GCRI Canada shall conduct Recusal Assurance for material decisions, committees, advisory structures, Working Groups, public authority interfaces, finance-facing materials, technical releases, publications, data access, and related-party transactions.

17.29.10(b) Assurance shall review whether conflicts were disclosed, recusals were required, recusal scope was adequate, restricted access was enforced, independent review was obtained where needed, minutes reflected recusal appropriately, and affected decisions remained valid.

17.29.10(c) Assurance shall identify improper participation, access leakage, informal influence, missing records, overbroad access, unresolved structural conflicts, and repeated recusal patterns.

17.29.10(d) Findings may require correction, reconsideration, access redesign, training, public-safe notice, controlled notice, committee change, delegation change, or Board reporting.

17.29.10(e) The controlling rule shall be that recusal must be tested because influence often moves through informal channels.

***

### 17.30 Governance Records

17.30.1 Board Records.\
17.30.1(a) GCRI Canada shall maintain Board records as constitutional governance records.

17.30.1(b) Board records shall include notices, agendas, Board packets, minutes, resolutions, written consents, decision records, reserved-matter records, attendance records, quorum records, conflict disclosures, recusal records, dissent records where recorded, committee reports, officer reports, Board approvals, Board refusals, Board holds, Board corrections, and Board closeout records.

17.30.1(c) Board records shall identify authority, date, participants, capacity, materials reviewed, decisions taken, conditions, implementation owner, review cycle, public-safe status, classification, repository location, and correction path where applicable.

17.30.1(d) Board records shall not be replaced by email, chat, verbal assurance, slide decks, sponsor communications, provider communications, public authority conversations, media statements, or informal summaries.

17.30.1(e) The controlling rule shall be that Board authority must be evidenced by Board records.

***

17.30.2 Director Records.\
17.30.2(a) GCRI Canada shall maintain Director records.

17.30.2(b) Director records shall include eligibility review, appointment or election records, term records, consent records, resignation records, removal records where applicable, qualification records, independence records, conflict disclosures, recusals, committee assignments, training records, attendance, evaluations, public reference permissions, access rights, restrictions, and closeout.

17.30.2(c) Director records shall identify legal eligibility, mission-lock acknowledgment, fiduciary training, public-benefit understanding, confidentiality obligations, data access, Public Authority exposure, finance exposure, protected knowledge exposure, and continuing obligations where applicable.

17.30.2(d) Sensitive Director records shall be handled with confidentiality, privacy, legal review where appropriate, and access controls.

17.30.2(e) The controlling rule shall be that Director status, qualification, independence, and authority must be records-valid.

***

17.30.3 Officer Records.\
17.30.3(a) GCRI Canada shall maintain Officer records.

17.30.3(b) Officer records shall include appointment records, role descriptions, delegations, authority limits, reporting lines, compensation records, conflict disclosures, independence considerations, performance records, training records, access rights, signature authority, budget authority, suspension or removal records, resignation records, closeout records, and continuing obligations.

17.30.3(c) Officer records shall distinguish title, authority, delegated power, reserved-matter limits, public claims authority, publication authority, data authority, AI authority, technical release authority, Public Authority interface authority, finance-boundary authority, and records duties.

17.30.3(d) Officer records shall be corrected where authority, title, delegation, public reference, or access is outdated, overbroad, inaccurate, or terminated.

17.30.3(e) The controlling rule shall be that officer authority must be traceable from appointment through closeout.

***

17.30.4 Delegation Records.\
17.30.4(a) GCRI Canada shall maintain Delegation Records for material delegations of authority.

17.30.4(b) Delegation Records shall identify delegate, role, authority source, scope, limits, term, effective date, expiration or review date, budget authority, signature authority, access authority, reporting duties, records duties, conflict duties, stop-the-line duties, prohibited functions, escalation thresholds, suspension, revocation, and closeout.

17.30.4(c) Delegation Records shall distinguish authority to prepare, recommend, review, implement, approve, sign, publish, release, spend, access, or escalate.

17.30.4(d) Delegation Records shall be reviewed periodically and corrected where authority is stale, ambiguous, overbroad, unused, exceeded, or inconsistent with law, Bylaw, Charter, policy, budget, or mission lock.

17.30.4(e) The controlling rule shall be that delegation must be written and current because implied delegation creates shadow governance.

***

17.30.5 Committee Records.\
17.30.5(a) GCRI Canada shall maintain Committee Records for Board committees and other committees with delegated or Board-supporting functions.

17.30.5(b) Committee Records shall include committee charters, membership, chairs, terms, agendas, minutes, materials reviewed, decisions within delegated authority, recommendations, dissent notes, conflicts, recusals, access restrictions, reports to the Board, corrective actions, reviews, renewals, suspensions, dissolutions, and closeout.

17.30.5(c) Committee Records shall distinguish recommendations from decisions and delegated committee action from Board action.

17.30.5(d) Committee Records shall be classified and access-controlled according to confidentiality, privacy, legal privilege, data, cybersecurity, Public Authority, finance, protected knowledge, and public-safe requirements.

17.30.5(e) The controlling rule shall be that committee work must be recorded because it supports or exercises delegated governance.

***

17.30.6 Advisory Council, Leadership Council, Helix Council, Panel, and Working Group Records.\
17.30.6(a) GCRI Canada shall maintain Advisory Council, Leadership Council, Helix Council, Panel, and Working Group records.

17.30.6(b) Records shall include terms of reference, mandates, membership, roles, affiliations, conflicts, confidentiality terms, agendas, meeting notes, materials reviewed, outputs, output classification, recommendations, dissent, minority notes, public statement approvals, access rights, corrections, and closeout.

17.30.6(c) Records shall distinguish advisory input, draft output, technical input, recommendation, dissent note, public-safe output, controlled annex, adopted output, and archived output.

17.30.6(d) Advisory and Working Group records shall include boundary language where outputs could be mistaken for GCRI Canada approval, Public Authority endorsement, recognition, finance-readiness, certification, procurement preference, provider preference, sponsor validation, protocol effect, or execution authority.

17.30.6(e) The controlling rule shall be that participation records prevent advisory and working structures from becoming hidden authority.

***

17.30.7 Conflict, Recusal, Independence, Related-Party, Gifts, Hospitality, and Integrity Records.\
17.30.7(a) GCRI Canada shall maintain Conflict, Recusal, Independence, Related-Party, Gifts, Hospitality, and Integrity records.

17.30.7(b) Records shall identify covered person, role, interest, relationship, value where relevant, affected matters, disclosure date, review status, mitigation, recusal, restricted access, independent review, related-party transaction review, fairness determination, approval authority, breach status, corrective action, and closeout.

17.30.7(c) Gifts and hospitality records shall identify giver, recipient, value, purpose, date, relationship, acceptance decision, return or refusal where applicable, conflict review, public trust risk, and closeout.

17.30.7(d) Integrity records shall include conduct concerns, whistleblower matters, non-retaliation records, grievance records, investigation records, remedies, sanctions, and corrections where applicable.

17.30.7(e) The controlling rule shall be that integrity must be documented because trust cannot be governed by reputation alone.

***

17.30.8 Board-Reserved Matter Records.\
17.30.8(a) GCRI Canada shall maintain Board-Reserved Matter Records.

17.30.8(b) Records shall identify reserved-matter category, decision question, authority source, Board materials, legal review, mission-lock review, public-good review, non-execution review, Public Authority review, finance-boundary review, data / AI / cybersecurity review, safeguards review, conflicts, recusals, options, decision, conditions, implementation owner, effective date, review cycle, notices, correction path, and closeout.

17.30.8(c) Reserved matters include constitutional instruments, major strategy, budget, material officers, major committees, major policies, major funding, interface agreements, major technical releases, high-risk Public Authority matters, high-risk finance matters, protected knowledge matters, structural changes, dissolution, and other matters reserved by law, Bylaw, Charter, policy, or Board decision.

17.30.8(d) Reserved-matter records shall be retained as constitutional governance records.

17.30.8(e) The controlling rule shall be that reserved matters require decision-grade records.

***

17.30.9 Decision Pack Records.\
17.30.9(a) GCRI Canada shall maintain Decision Pack Records for material Board, committee, officer, delegated, or high-risk decisions where decision-grade support is required.

17.30.9(b) Decision Pack Records shall identify decision question, authority source, background, options, recommendation, evidence, assumptions, limitations, risks, dependencies, conflicts, legal review, public-good review, mission-lock review, boundary review, data / AI / cybersecurity review, safeguards review, finance review, Public Authority review, public-safe status, implementation owner, conditions, review cycle, and correction path.

17.30.9(c) Decision Packs shall distinguish fact, assumption, analysis, recommendation, unresolved question, dissent, management preference, sponsor assertion, provider assertion, Public Authority context, and Board or delegated decision point.

17.30.9(d) Decision Pack Records shall be corrected, supplemented, superseded, or reopened where material facts, authority, risks, or assumptions change.

17.30.9(e) The controlling rule shall be that material decisions require records sufficient to understand, audit, and correct the decision.

***

17.30.10 Governance Policy Records.\
17.30.10(a) GCRI Canada shall maintain Governance Policy Records.

17.30.10(b) Governance Policy Records shall include adopted policies, procedures, schedules, annexes, manuals, doctrine instruments, committee charters, advisory terms, delegation instruments, controlled vocabulary instruments, records instruments, correction instruments, and superseded versions.

17.30.10(c) Records shall identify adopting authority, effective date, version, scope, owner, custodian, review cycle, public-safe status, repository location, affected instruments, superseded instruments, change log, training requirements, and correction path.

17.30.10(d) Governance policies shall not be silently edited, informally replaced, or overridden by practice without proper authority and record.

17.30.10(e) The controlling rule shall be that governance policy exists only as adopted, versioned, and correctable record.

***

17.30.11 Governance Correction, Supersession, Withdrawal, and Archive Records.\
17.30.11(a) GCRI Canada shall maintain Governance Correction, Supersession, Withdrawal, and Archive Records.

17.30.11(b) Records shall identify corrected or superseded instrument, prior version, new version, correction state, authority, reason, effective date, affected decisions, affected delegations, affected committees, affected advisory structures, affected public claims, affected records, affected policies, downstream dependencies, notice requirements, archive status, and closeout.

17.30.11(c) Governance correction states may include clarification, erratum, correction, reclassification, downgrade, suspension, supersession, withdrawal, retraction, retirement, reinstatement, archive, sealing, or deletion where lawful and required.

17.30.11(d) Public-safe or controlled notices shall be issued where governance corrections affect public materials, participant reliance, Public Authority references, finance-facing materials, sponsor or provider materials, technical releases, or Nexus interfaces.

17.30.11(e) The controlling rule shall be that governance records must remain correctable because governance meaning changes only through records.

***

17.30.12 Governance Register and Gazette Notices Where Appropriate.\
17.30.12(a) GCRI Canada shall maintain a Governance Register and shall use Gazette notices where appropriate for adopted, public-safe, controlled, superseded, withdrawn, retracted, corrected, or archived governance instruments.

17.30.12(b) The Governance Register shall identify governance instrument name, type, authority, version, effective date, status, owner, custodian, repository location, public-safe status, classification, review cycle, supersession chain, correction history, and archive status.

17.30.12(c) Gazette notices may be used for Charter updates, Bylaw updates, policy adoption, major committee creation, major delegation notices, public-safe corrections, supersessions, withdrawals, retractions, public-safe summaries, and other notices requiring authoritative institutional visibility.

17.30.12(d) Gazette notices shall not create external legal effect, recognition, finance-readiness, certification, Public Authority approval, procurement approval, provider preference, sponsor validation, protocol effect, or execution authority beyond stated scope and authority.

17.30.12(e) The controlling rule shall be that governance visibility must be authoritative, bounded, and records-valid.

### 17.31 Board and Governance Evaluation

17.31.1 Periodic Board Evaluation.\
17.31.1(a) GCRI Canada shall conduct periodic Board evaluation to assess whether the Board remains fit to steward the corporation’s Canadian public-benefit, nonprofit, non-share, non-distributing, non-executing, evidence-and-methods, public-good technical institution character.

17.31.1(b) Board evaluation shall assess Board performance, composition, independence, fiduciary discipline, mission-lock oversight, non-execution oversight, Public-Good Stack alignment, Nexus role separation, records discipline, correctionability, committee effectiveness, Director engagement, officer oversight, risk governance, public trust stewardship, and capacity to challenge drift.

17.31.1(c) Evaluation may be conducted through self-assessment, committee assessment, peer review, chair review, external governance review, skills matrix review, assurance findings, incident history, training records, and Board renewal planning.

17.31.1(d) Board evaluation shall not be treated as a ceremonial exercise. It shall identify whether the Board is actually capable of governing the institution as its mission, risks, systems, stakeholders, technologies, and public-facing meaning expand.

17.31.1(e) The controlling rule shall be that the Board must periodically test its own fitness to protect mission, law, records, safeguards, and public trust.

***

17.31.2 Director Performance and Contribution Review.\
17.31.2(a) GCRI Canada shall periodically review Director performance and contribution in a manner consistent with law, Bylaw, confidentiality, collegiality, fiduciary duty, independence, and public-benefit governance.

17.31.2(b) Review may assess attendance, preparation, judgment, independence, mission-lock understanding, ability to challenge overclaim, conflict disclosure, recusal compliance, committee contribution, confidentiality, training completion, public claims discipline, public-benefit orientation, technical literacy, legal literacy, safeguards awareness, and willingness to support correction.

17.31.2(c) Director contribution shall not be measured solely by fundraising value, public profile, sponsor access, provider access, public authority access, media visibility, capital access, technical prestige, or founder proximity.

17.31.2(d) Where concerns arise, corrective action may include training, mentoring, role change, committee reassignment, conflict mitigation, access restriction, succession planning, non-renewal, resignation discussion, or removal where lawful.

17.31.2(e) The controlling rule shall be that Director service requires active stewardship, not nominal affiliation.

***

17.31.3 Board Skills Matrix Review.\
17.31.3(a) GCRI Canada shall maintain and periodically review a Board skills matrix.

17.31.3(b) The skills matrix shall assess collective Board capability across Canadian nonprofit governance, fiduciary duty, public-benefit strategy, law, finance, audit, internal controls, risk, research integrity, evidence governance, methods, AI, data governance, cybersecurity, technical asset stewardship, public-safe publication, Public Authority boundaries, finance boundaries, procurement neutrality, sponsor non-control, provider neutrality, community safeguards, protected knowledge, accessibility, and Nexus role separation.

17.31.3(c) The matrix shall identify required, present, emerging, missing, insufficient, overconcentrated, and priority competencies.

17.31.3(d) Skills review shall support recruitment, renewal, training, committee assignments, advisor use, independent review needs, and succession planning.

17.31.3(e) The controlling rule shall be that Board competence must be mapped against actual governance burden, not assumed from titles.

***

17.31.4 Committee Evaluation.\
17.31.4(a) GCRI Canada shall periodically evaluate Board committees.

17.31.4(b) Committee evaluation shall assess mandate clarity, charter compliance, composition, independence, conflicts, records quality, reporting quality, delegated authority compliance, Board-reserved matter discipline, public-safe handling, confidentiality, access controls, corrective action tracking, and effectiveness.

17.31.4(c) Evaluation shall determine whether each committee remains necessary, properly scoped, sufficiently resourced, adequately expert, conflict-managed, and aligned with mission lock.

17.31.4(d) Findings may require committee rechartering, consolidation, dissolution, membership change, training, delegation amendment, access restriction, records remediation, or Board reporting changes.

17.31.4(e) The controlling rule shall be that committees must remain active governance safeguards and not stale authority surfaces.

***

17.31.5 Advisory Structure Evaluation.\
17.31.5(a) GCRI Canada shall periodically evaluate Advisory Councils, Leadership Councils, Helix Councils, technical panels, expert panels, forums, and other advisory structures.

17.31.5(b) Evaluation shall assess purpose, continuing need, role clarity, membership, conflicts, independence, confidentiality, access rights, output classification, dissent recording, public statements, public claims risk, sponsor or provider influence, Public Authority implications, community safeguard implications, and closeout needs.

17.31.5(c) Evaluation shall identify whether any advisory structure has drifted toward shadow governance, public authority implication, certification implication, finance-readiness implication, provider preference, sponsor validation, public consent implication, or execution authority.

17.31.5(d) Findings may require amended terms, role clarification, membership change, conflict mitigation, access restriction, public claims correction, suspension, dissolution, or Board escalation.

17.31.5(e) The controlling rule shall be that advisory structures must be evaluated because legitimacy can drift from advice into implied authority.

***

17.31.6 Officer Delegation Evaluation.\
17.31.6(a) GCRI Canada shall periodically evaluate Officer delegations and executive leadership authority.

17.31.6(b) Evaluation shall assess whether delegations remain lawful, necessary, scoped, understood, recorded, current, budget-aligned, policy-aligned, access-aligned, conflict-managed, and consistent with mission lock, non-execution, Board-reserved matters, and public-good stack discipline.

17.31.6(c) Evaluation shall review Officer performance in maintaining Public Authority boundaries, finance boundaries, records discipline, data governance, AI governance, cybersecurity, research integrity, publication discipline, sponsor non-control, provider neutrality, safeguards, escalation, and correction.

17.31.6(d) Findings may require delegation narrowing, suspension, revocation, training, supervision, reporting changes, access changes, compensation review, succession planning, or Board action.

17.31.6(e) The controlling rule shall be that delegation must remain alive to risk and cannot become permanent informal authority.

***

17.31.7 Mission Lock, Non-Execution, Public-Good Stack, Evidence, Data, AI, Cybersecurity, Public Authority, Finance, Safeguards, and Records Governance Review.\
17.31.7(a) Governance evaluation shall include review of mission lock, non-execution, Public-Good Stack alignment, One Rail / Two Stacks discipline, Public-Good Firewall, evidence governance, methods governance, data governance, AI governance, cybersecurity governance, Public Authority boundaries, finance boundaries, procurement neutrality, provider neutrality, sponsor non-control, community safeguards, protected knowledge, records, registers, Gazette, correction, and supersession.

17.31.7(b) Review shall assess whether governance instruments, committees, officers, advisory structures, working groups, technical systems, public claims, funding relationships, provider relationships, Public Authority interfaces, Nexus interfaces, and technical assets preserve GCRI Canada’s constitutional role.

17.31.7(c) Review shall identify drift, ambiguity, missing records, unsupported claims, stale policies, unmanaged conflicts, excessive dependence, underdeveloped controls, unclosed corrections, public trust risk, and places where practice has diverged from governing instruments.

17.31.7(d) Governance review shall be informed by incidents, assurance findings, audit findings, grievances, correction records, public claims reviews, access reviews, and Board experience.

17.31.7(e) The controlling rule shall be that governance must be tested against the institution’s actual behavior.

***

17.31.8 Governance Gap Analysis and Renewal Plan.\
17.31.8(a) GCRI Canada shall conduct governance gap analysis and maintain a governance renewal plan where material gaps are identified.

17.31.8(b) Gap analysis shall identify deficiencies in Board composition, committee structure, delegations, policies, records, training, conflicts, independence, data governance, AI governance, cybersecurity, public authority controls, finance-boundary controls, safeguards, technical asset governance, public claims discipline, correctionability, and Nexus role separation.

17.31.8(c) A renewal plan shall identify required actions, responsible owner, priority, timeline, resources, dependencies, required Board decisions, policy amendments, training updates, register updates, technical changes, and assurance follow-up.

17.31.8(d) Renewal actions shall be tracked until verified and closed.

17.31.8(e) The controlling rule shall be that governance evaluation must produce renewal, not merely observation.

***

17.31.9 Governance Training and Corrective Action.\
17.31.9(a) Governance evaluation findings shall inform governance training and corrective action.

17.31.9(b) Training may be required for Directors, Officers, committee members, council participants, advisors, fellows, staff, contributors, sponsors, providers, Public Authority participants, Working Group participants, and other material participants where evaluation identifies knowledge gaps or repeated governance failures.

17.31.9(c) Corrective action may include policy amendment, delegation correction, committee redesign, records remediation, conflict mitigation, access review, public claims correction, Board composition change, advisory structure revision, public-safe notice, controlled notice, or incident response.

17.31.9(d) Corrective actions shall identify owner, custodian, deadline, verification method, record update, training requirement, public-safe implication, and closeout.

17.31.9(e) The controlling rule shall be that governance evaluation must strengthen future governance behavior.

***

17.31.10 Evaluation Records and Board Renewal Register.\
17.31.10(a) GCRI Canada shall maintain evaluation records and a Board Renewal Register or equivalent records.

17.31.10(b) Records shall include Board evaluation records, Director review records, skills matrix records, committee evaluation records, advisory structure evaluation records, Officer delegation evaluation records, governance gap analyses, renewal plans, training actions, corrective actions, Board reports, and closeout records.

17.31.10(c) Records shall identify confidentiality, privacy status, legal sensitivity, owner, custodian, findings, actions, responsible persons, deadlines, verification, review cycle, and correction path.

17.31.10(d) Sensitive personal, Director, Officer, conflict, conduct, legal, or governance performance records shall be handled with appropriate confidentiality and access restrictions.

17.31.10(e) The controlling rule shall be that governance evaluation must be recorded enough to support renewal while protected enough to preserve lawful confidentiality.

***

### 17.32 Governance Training

17.32.1 Director Onboarding.\
17.32.1(a) Each Director shall receive onboarding appropriate to the Director’s role, committee assignments, access rights, fiduciary responsibilities, conflicts, public-facing role, and governance risk.

17.32.1(b) Director onboarding shall address GCRI Canada’s legal identity, public-benefit purpose, nonprofit and non-distributing status, mission lock, non-execution, Public-Good Stack alignment, legal separateness, Board-reserved matters, fiduciary duties, conflicts, independence, records discipline, correctionability, Public Authority boundaries, finance boundaries, sponsor non-control, provider neutrality, protected knowledge, data, AI, cybersecurity, public-safe publication, and Nexus role separation.

17.32.1(c) Onboarding shall distinguish Board authority from officer authority, committee authority, advisory input, Working Group output, sponsor participation, provider participation, Public Authority participation, GRF authority, GRA authority, Protocol Authority, National Company activity, Project SPV activity, and execution actor activity.

17.32.1(d) Director onboarding shall be completed within a reasonable period after appointment and before participation in high-risk matters where feasible.

17.32.1(e) The controlling rule shall be that Directors must understand the institution before exercising authority over it.

***

17.32.2 Officer Onboarding.\
17.32.2(a) Officers and Executive Leadership shall receive onboarding appropriate to their delegated authority, reporting duties, records duties, access rights, budget authority, public-facing role, technical role, and risk profile.

17.32.2(b) Officer onboarding shall address lawful appointment, delegation limits, Board-reserved matters, mission lock, non-execution, Public Authority boundaries, finance boundaries, public claims discipline, data governance, AI governance, cybersecurity, records, registers, Gazette, correction, supersession, sponsor non-control, provider neutrality, safeguards, and escalation duties.

17.32.2(c) Officers shall be trained to pause, narrow, refuse, route, or escalate matters where authority, boundary, legal, data, AI, cybersecurity, public-safe, protected knowledge, Public Authority, finance, sponsor, provider, or public trust risk exists.

17.32.2(d) Officer onboarding shall include practical training on approval workflows, Case IDs, decision records, delegation records, publication controls, technical release controls, access controls, incident reporting, and correction procedures.

17.32.2(e) The controlling rule shall be that Officer authority must begin with boundary literacy.

***

17.32.3 Committee and Council Onboarding.\
17.32.3(a) Committee members, Advisory Council participants, Leadership Council participants, Helix Council participants, panel participants, and Working Group participants shall receive onboarding appropriate to their role, mandate, access, confidentiality, public claims limits, conflicts, and output status.

17.32.3(b) Onboarding shall explain whether the person or body may decide, recommend, advise, review, draft, test, monitor, or support only.

17.32.3(c) Onboarding shall address non-authority by default, confidentiality, conflicts, recusal, access limits, records, dissent, output classification, public statements, controlled vocabulary, public-safe handling, Public Authority boundaries, finance boundaries, sponsor non-control, provider neutrality, protected knowledge, and correction.

17.32.3(d) Participants shall be instructed that participation does not create Board authority, fiduciary authority, Public Authority endorsement, recognition, certification, finance-readiness, procurement advantage, provider preference, sponsor validation, Nexus-compatible status, protocol effect, or execution authority.

17.32.3(e) The controlling rule shall be that advisory and committee participation must begin with role clarity.

***

17.32.4 Fiduciary Duty Training.\
17.32.4(a) GCRI Canada shall provide fiduciary duty training to Directors and, where appropriate, Officers and committee participants.

17.32.4(b) Fiduciary duty training shall address duties of good faith, loyalty, care, diligence, prudence, independence, confidentiality, conflict management, best interests of GCRI Canada, nonprofit stewardship, public-benefit purpose, anti-inurement, private benefit, related-party transactions, and lawful decision-making.

17.32.4(c) Training shall explain that GCRI Canada’s best interests are interpreted through its Canadian nonprofit, public-benefit, non-executing, evidence-and-methods, public-good technical institution identity.

17.32.4(d) Fiduciary training shall include practical examples involving sponsors, providers, Public Authorities, capital readers, National Companies, Project SPVs, technical contributors, public claims, data access, protected knowledge, and correction.

17.32.4(e) The controlling rule shall be that fiduciary duty must be understood in the specific context of GCRI Canada’s mission and risk profile.

***

17.32.5 Charter and Bylaw Training.\
17.32.5(a) GCRI Canada shall provide Charter and Bylaw training to Directors, Officers, committee participants, and other persons with governance or operational authority where appropriate.

17.32.5(b) Training shall explain the relationship among applicable law, articles, Bylaw, Charter, Board resolutions, policies, procedures, schedules, annexes, doctrine instruments, committee charters, delegation instruments, and operating records.

17.32.5(c) Training shall explain that the Bylaw controls corporate mechanics where required, and the Charter guides mission interpretation, role separation, non-execution, public-good alignment, correctionability, validity-by-record, and institutional meaning where consistent with law and Bylaw.

17.32.5(d) Training shall include amendment, supersession, no-silent-edit, Gazette, repository, records, and correction requirements for governance instruments.

17.32.5(e) The controlling rule shall be that constitutional instruments must be understood before they can be followed.

***

17.32.6 Non-Execution and Boundary Training.\
17.32.6(a) GCRI Canada shall provide non-execution and boundary training to persons whose roles may create execution, Public Authority, finance, procurement, certification, provider, sponsor, public warning, emergency command, protocol, or Nexus-interface risk.

17.32.6(b) Training shall explain that GCRI Canada does not regulate, procure, approve funding, approve public finance, issue official public warnings, command emergencies, certify technologies by default, provide investment advice, solicit securities, broker transactions, underwrite insurance, rate credit, guarantee outcomes, operate market infrastructure, control National Companies, control Project SPVs, or execute downstream activity.

17.32.6(c) Training shall distinguish evidence support, technical input, public authority learning, public-safe publication, technical baselines, Observatory Methods, Truth Engine Methods, GRA inputs, GRF inputs, Protocol Authority inputs, and lawful downstream execution by other actors.

17.32.6(d) Training shall include examples of overclaim, ambiguous authority, improper reliance, and required correction.

17.32.6(e) The controlling rule shall be that boundary literacy is required before boundary-sensitive work.

***

17.32.7 Public Authority and Finance-Boundary Training.\
17.32.7(a) GCRI Canada shall provide Public Authority and finance-boundary training to Directors, Officers, committee members, public authority interface participants, capital-reader interface participants, publication teams, event teams, technical teams, and others where relevant.

17.32.7(b) Public Authority training shall address capacity classification, non-endorsement, Public Authority Data, reference approvals, public warning boundary, emergency command boundary, regulatory boundary, procurement boundary, funding boundary, public finance boundary, Public Authority rooms, and public authority learning limits.

17.32.7(c) Finance-boundary training shall address no investment advice, no solicitation, no brokerage, no underwriting, no lending, no insurance placement, no rating, no guarantee, no capital commitment, no public finance approval, GRA role preservation, capital-reader room limits, and no-reliance language.

17.32.7(d) Training shall include public claims, public-safe notices, sponsor and provider co-presence, National Company interfaces, Project SPV interfaces, media communications, and correction pathways.

17.32.7(e) The controlling rule shall be that public authority and finance implications must be recognized before words or access create meaning.

***

17.32.8 Data, AI, Cybersecurity, Research Integrity, Public-Safe Claims, Records, and Correction Training.\
17.32.8(a) GCRI Canada shall provide training on data, AI, cybersecurity, research integrity, public-safe claims, records, and correction to persons whose roles touch such matters.

17.32.8(b) Data training shall address classification, lawful basis, purpose limitation, minimization, rights-bearing data, Public Authority Data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, finance-sensitive data, community-protected data, protected knowledge, retention, deletion, sealing, and cross-border transfer.

17.32.8(c) AI training shall address model registers, inference records, unauthorized training prohibitions, embedding restrictions, retrieval restrictions, human review, hallucination control, source verification, AI output limits, and AI incident reporting.

17.32.8(d) Cybersecurity training shall address identity, access, MFA where required, secrets, keys, tokens, secure collaboration, repository security, secure release, incident reporting, breach handling, and third-party risk.

17.32.8(e) Research, publication, records, and correction training shall address protocols, methods, peer or expert review, claims substantiation, controlled vocabulary, public-safe publication, Case IDs, registers, Gazette, no-email-governance, no-silent-edit, supersession, withdrawal, retraction, and correction notices.

17.32.8(f) The controlling rule shall be that technical and publication competence must include records and correction competence.

***

17.32.9 Community Safeguards and Protected Knowledge Training.\
17.32.9(a) GCRI Canada shall provide community safeguards and protected knowledge training to persons whose roles may involve communities, Indigenous knowledge, Local knowledge, Territorial knowledge, Cultural knowledge, Environmental knowledge, Protected Knowledge, public-safe mapping, vulnerable participants, protected persons, or community-facing public communications.

17.32.9(b) Training shall address protected participation, non-extraction, consent or non-consent where applicable, withdrawal, attribution, non-attribution, grievance, remedy, non-retaliation, accessibility, public-safe mapping, AI-use limits, data handling, publication limits, and correction.

17.32.9(c) Training shall explain that community participation does not create consent, endorsement, social license, sponsor validation, provider validation, Public Authority approval, or public claims authority by default.

17.32.9(d) Training shall include do-no-harm review, sensitive location controls, protected knowledge registers, controlled annexes, public-safe summaries, and incident response.

17.32.9(e) The controlling rule shall be that safeguards must be learned before protected participation is invited or protected knowledge is handled.

***

17.32.10 Training Records, Refresh Cycles, Acknowledgments, and Remediation.\
17.32.10(a) GCRI Canada shall maintain training records, refresh cycles, acknowledgments, and remediation records.

17.32.10(b) Training records shall identify person, role, required training, completed training, completion date, acknowledgment, refresh cycle, missed training, remediation, access restrictions linked to training, and closeout.

17.32.10(c) Training shall be refreshed when laws, policies, technology risks, data practices, AI practices, cybersecurity threats, Public Authority interfaces, finance-boundary risks, safeguards requirements, or assurance findings materially change.

17.32.10(d) Persons who fail to complete required training may be restricted from affected roles, systems, rooms, decisions, publications, data access, AI tools, technical releases, Public Authority interfaces, finance-facing materials, or protected knowledge contexts.

17.32.10(e) The controlling rule shall be that training must be recorded and linked to authority, access, and remediation.

***

### 17.33 Governance Incidents

17.33.1 Governance Incident Definition.\
17.33.1(a) A Governance Incident is any act, omission, communication, decision, record failure, authority overreach, conflict failure, public claim, structural failure, or boundary failure that may impair lawful governance, fiduciary duty, mission lock, non-execution, Public-Good Stack alignment, role separation, records validity, correctionability, public trust, or Board accountability.

17.33.1(b) Governance Incidents may involve Directors, Officers, committees, advisory structures, Working Groups, staff, fellows, advisors, contractors, sponsors, providers, hosts, Public Authorities, universities, communities, capital readers, National Companies, Project SPVs, Nexus actors, or other participants.

17.33.1(c) Governance Incidents may be low, moderate, high, or critical depending on authority consequence, legal consequence, public reliance, public-safe impact, Public Authority implication, finance implication, data sensitivity, cybersecurity impact, protected knowledge impact, sponsor or provider benefit, and public trust effect.

17.33.1(d) A Governance Incident shall be handled as a governance matter even where it also constitutes a data incident, cybersecurity incident, publication incident, conflict incident, conduct incident, or contractual breach.

17.33.1(e) The controlling rule shall be that governance failures require governance response.

***

17.33.2 Unauthorized Board or Officer Action.\
17.33.2(a) Unauthorized Board or Officer action shall constitute a Governance Incident where a Director, Board subset, Officer, executive leader, or other person purports to act for GCRI Canada without lawful authority, proper delegation, proper procedure, required approval, required record, or required review.

17.33.2(b) Unauthorized action may include unapproved commitments, unapproved public statements, unapproved publications, unapproved contracts, unapproved Public Authority references, unapproved finance-facing materials, unapproved technical releases, unapproved data sharing, unapproved AI use, unapproved sponsor terms, unapproved provider preference, or unapproved Nexus interface commitments.

17.33.2(c) Unauthorized action shall be reviewed for validity, legality, reliance, conflicts, public-safe consequences, data consequences, cybersecurity consequences, Public Authority consequences, finance consequences, and correction needs.

17.33.2(d) Corrective action may include hold, ratification where lawful and appropriate, rescission, correction, public-safe notice, controlled notice, access restriction, delegation revision, discipline, or legal review.

17.33.2(e) The controlling rule shall be that authority defects must be cured by record or unwound.

***

17.33.3 Delegation Breach.\
17.33.3(a) A Delegation Breach occurs where a delegate exceeds scope, ignores limits, acts after expiration, fails to report, fails to keep records, bypasses required review, performs prohibited functions, or fails to escalate boundary risk.

17.33.3(b) Delegation Breach may involve spending authority, signature authority, publication authority, public claims authority, technical release authority, data access authority, AI-use authority, repository authority, Public Authority interface authority, finance-boundary authority, or participant access authority.

17.33.3(c) Delegation Breach shall be reviewed for affected decisions, affected records, affected contracts, affected publications, affected systems, affected Public Authority references, affected finance materials, affected data, affected technical releases, and downstream reliance.

17.33.3(d) Corrective action may include delegation narrowing, suspension, revocation, ratification where lawful, rescission, access revocation, training, supervision, discipline, correction, or Board reporting.

17.33.3(e) The controlling rule shall be that delegation failure must repair both the authority record and any external effect.

***

17.33.4 Conflict or Recusal Breach.\
17.33.4(a) A Conflict or Recusal Breach occurs where a covered person fails to disclose a conflict, provides incomplete or false disclosure, fails to update disclosure, violates recusal, accesses restricted materials, influences a matter informally, or participates despite required independence restrictions.

17.33.4(b) The breach shall be reviewed for whether affected decisions, recommendations, publications, technical releases, public claims, Public Authority references, finance-facing materials, data access, provider treatment, sponsor treatment, or related-party transactions were influenced.

17.33.4(c) Corrective action may include reconsideration, independent review, ratification where lawful, rescission, recusal order, access restriction, public-safe clarification, controlled notice, discipline, removal where lawful, termination, or legal review.

17.33.4(d) Repeated or structural conflict breaches shall trigger governance architecture review.

17.33.4(e) The controlling rule shall be that conflicted participation can contaminate institutional authority and must be corrected.

***

17.33.5 Committee or Council Overreach.\
17.33.5(a) Committee or Council Overreach occurs where a committee, Advisory Council, Leadership Council, Helix Council, panel, Working Group, technical task force, or similar structure exceeds its mandate, acts beyond delegation, presents recommendations as decisions, issues public statements without authority, or creates implied institutional status.

17.33.5(b) Overreach may include apparent Board approval, Public Authority endorsement, recognition, finance-readiness, certification, procurement approval, provider preference, sponsor validation, protocol effect, public warning, emergency command, Nexus-compatible status, or execution authority.

17.33.5(c) The incident shall be reviewed for affected outputs, public claims, meeting records, public statements, participant materials, sponsor or provider materials, Public Authority materials, media materials, and downstream reliance.

17.33.5(d) Corrective action may include output reclassification, public-safe clarification, controlled notice, mandate revision, access restriction, training, suspension, dissolution, or Board action.

17.33.5(e) The controlling rule shall be that advisory and committee overreach must be corrected before informal structure becomes perceived authority.

***

17.33.6 Public Authority Boundary Governance Incident.\
17.33.6(a) A Public Authority Boundary Governance Incident occurs where GCRI Canada governance, officers, committees, councils, materials, records, rooms, dashboards, maps, public authority learning, or public communications create or risk creating Public Authority confusion.

17.33.6(b) Such incidents include overstatement of Public Authority attendance, endorsement, adoption, regulatory approval, procurement approval, funding approval, public finance approval, public warning, emergency command, public-private partnership, public adoption, official guidance, or sovereign obligation.

17.33.6(c) The incident shall be reviewed for affected Public Authorities, affected records, data contributions, reference approvals, public materials, media materials, sponsor or provider co-presence, public reliance, and correction needs.

17.33.6(d) Corrective action may include capacity reclassification, public-safe clarification, controlled notice, Public Authority clarification, removal of references, dashboard or map correction, publication withdrawal, legal review, or Board reporting.

17.33.6(e) The controlling rule shall be that Public Authority confusion must be corrected with precision and urgency.

***

17.33.7 Finance-Boundary Governance Incident.\
17.33.7(a) A Finance-Boundary Governance Incident occurs where governance action, delegation, publication, room activity, capital-reader interface, public finance reference, National Company interface, Project SPV interface, GRA interface, or public communication creates or risks creating finance overclaim.

17.33.7(b) Finance overclaim includes implication of investment advice, solicitation, brokerage, finder activity, underwriting, lending, insurance placement, rating, guarantee, credit approval, public finance approval, grant approval, MDB or DFI approval, sovereign finance approval, capital commitment, or finance-readiness by GCRI Canada.

17.33.7(c) The incident shall be reviewed for affected materials, audiences, capital readers, GRA interfaces, public finance actors, National Companies, Project SPVs, sponsors, providers, public claims, and downstream reliance.

17.33.7(d) Corrective action may include finance-boundary correction, GRA routing, legal review, public-safe notice, controlled notice, access restriction, withdrawal, retraction, or relationship review.

17.33.7(e) The controlling rule shall be that finance ambiguity must be corrected before evidence becomes transaction signal.

***

17.33.8 Sponsor or Provider Capture Incident.\
17.33.8(a) A Sponsor or Provider Capture Incident occurs where a sponsor, donor, funder, grantor, provider, vendor, contractor, host, technical contributor, platform actor, or related party controls, influences, or appears to control GCRI Canada’s evidence, methods, publications, public-safe outputs, Public Authority access, technical baselines, correction decisions, controlled vocabulary, or institutional truth.

17.33.8(b) Capture incidents include outcome purchase, publication suppression, sponsor veto, provider preference, benchmark distortion, procurement advantage, public authority access purchase, technical asset enclosure, data extraction, correction suppression, or public claims misuse.

17.33.8(c) The incident shall be reviewed for affected agreements, funding, in-kind support, access rights, publications, technical assets, Public Authority interfaces, provider materials, sponsor materials, and public claims.

17.33.8(d) Corrective action may include agreement amendment, access restriction, public claims correction, public-safe notice, controlled notice, return of support, provider restriction, sponsor restriction, independent review, termination, or Board action.

17.33.8(e) The controlling rule shall be that capture must be treated as a constitutional risk, not a relationship management issue.

***

17.33.9 Record Failure or No-Record Governance Incident.\
17.33.9(a) A Record Failure or No-Record Governance Incident occurs where material governance action, approval, delegation, decision, conflict, recusal, public claim, publication, technical release, Public Authority reference, finance-facing material, data access, AI use, correction, or supersession occurs without required record.

17.33.9(b) Record failure includes reliance on email, chat, verbal assurance, slides, meeting notes, drafts, informal consensus, unofficial repositories, unapproved summaries, or stale materials as governance approval.

17.33.9(c) The incident shall be reviewed for whether institutional meaning was created without authority, whether public reliance occurred, whether downstream dependencies exist, and whether correction or ratification is lawful and appropriate.

17.33.9(d) Corrective action may include record reconstruction, authority mapping, ratification where lawful, rescission, correction, public-safe notice, controlled notice, repository remediation, training, or discipline.

17.33.9(e) The controlling rule shall be that no-record governance must be corrected because record absence destroys authority clarity.

***

17.33.10 Public Claims Governance Incident.\
17.33.10(a) A Public Claims Governance Incident occurs where public communications, publications, websites, social media, media statements, speeches, sponsor materials, provider materials, public authority materials, investor materials, grant materials, procurement materials, or Nexus materials create unsupported, unauthorized, misleading, stale, unsafe, or overbroad claims about GCRI Canada.

17.33.10(b) Public claims incidents include claims of recognition, certification, finance-readiness, insurance-readiness, Public Authority approval, procurement advantage, provider preference, sponsor validation, public warning, emergency command, official status, protocol effect, Nexus-compatible status, maturity, validation, verification, adoption, or execution authority beyond proper records.

17.33.10(c) The incident shall be reviewed for affected channels, affected audiences, source records, public reliance, sponsor or provider benefit, Public Authority confusion, finance implications, and correction needs.

17.33.10(d) Corrective action may include immediate takedown request, correction, clarification, public-safe notice, controlled notice, withdrawal, retraction, public claims training, access restriction, participant discipline, or Board reporting.

17.33.10(e) The controlling rule shall be that public claims must be corrected where they exceed record, authority, or boundary.

***

17.33.11 Governance Incident Intake, Investigation, Correction, Reconsideration, Ratification Where Lawful, Withdrawal, Public-Safe Notice, and Lessons Learned.\
17.33.11(a) Governance Incidents shall be handled through intake, triage, classification, containment, evidence preservation, investigation, conflict review, legal review where appropriate, boundary review, public-safe review, decision on correction state, implementation, notice, downstream dependency review, closeout, and lessons learned.

17.33.11(b) Interim action may include hold, quarantine, access restriction, publication pause, release pause, room suspension, public claims hold, Public Authority clarification, finance-boundary review, GRA routing, GRF routing, Protocol Authority routing, or Board escalation.

17.33.11(c) Correction may include clarification, erratum, record correction, reconsideration, ratification where lawful and appropriate, rescission, supersession, withdrawal, retraction, downgrade, suspension, reclassification, public-safe notice, controlled notice, training, discipline, policy amendment, or governance redesign.

17.33.11(d) Ratification shall not be used to conceal unauthorized action, validate prohibited functions, bypass required approvals, cure conflicts without review, or avoid public-safe correction where reliance risk exists.

17.33.11(e) Lessons learned shall identify root cause, control failure, training need, policy need, records need, access change, public claims change, governance update, and recurrence-prevention action.

17.33.11(f) The controlling rule shall be that governance incidents must be investigated, corrected, learned from, and recorded.

***

17.33.12 Governance Incident Register.\
17.33.12(a) GCRI Canada shall maintain a Governance Incident Register.

17.33.12(b) The Register shall identify incident ID, Case ID where applicable, incident type, date, reporter, affected persons, affected bodies, affected decisions, affected records, affected materials, affected systems, affected Public Authorities, affected finance materials, affected sponsors or providers, severity, containment, investigation owner, findings, correction state, notices, corrective actions, lessons learned, Board reporting, and closeout.

17.33.12(c) The Register shall link to Board records, Officer records, delegation records, committee records, conflict records, publication records, data records, AI records, cybersecurity records, Public Authority records, finance-boundary records, sponsor records, provider records, Nexus interface records, and correction records where applicable.

17.33.12(d) Access to the Register shall be restricted according to confidentiality, privacy, legal privilege, cybersecurity, public-safe, Public Authority, finance-sensitive, and protected knowledge requirements.

17.33.12(e) The controlling rule shall be that governance incidents must be visible to governance without unsafe disclosure.

***

### 17.34 Governance Assurance

17.34.1 Periodic Governance Assurance.\
17.34.1(a) GCRI Canada shall conduct periodic Governance Assurance to test whether governance instruments, Board processes, Officer delegations, committees, advisory structures, Working Groups, conflicts controls, records, decisions, training, and correction systems operate as intended.

17.34.1(b) Governance Assurance shall be risk-based and proportionate to GCRI Canada’s public-benefit role, non-executing posture, technical complexity, public-facing significance, Public Authority interfaces, finance-boundary exposure, data and AI activities, cybersecurity risk, protected knowledge exposure, sponsor and provider relationships, and Nexus interfaces.

17.34.1(c) Assurance may include document review, register review, sampling, interviews, control testing, public claims review, decision pack review, training review, access review, conflict review, committee review, delegation review, and incident trend review.

17.34.1(d) Governance Assurance shall identify whether governance is functioning in practice, not merely whether policies exist.

17.34.1(e) The controlling rule shall be that governance must be periodically tested because drift often appears first in practice.

***

17.34.2 Board Authority Assurance.\
17.34.2(a) Board Authority Assurance shall test whether Board actions were taken with lawful authority, proper procedure, proper quorum where required, proper notice where required, conflict disclosure, recusal, decision-grade records, and appropriate implementation records.

17.34.2(b) Assurance shall review whether Board-reserved matters were properly identified and brought to the Board.

17.34.2(c) Assurance shall identify unauthorized Board subset action, informal Board approval, email governance, chat governance, unrecorded authority, stale resolutions, missing minutes, missing conditions, or unclear implementation authority.

17.34.2(d) Findings shall require correction, ratification where lawful, rescission, record remediation, Board training, process change, or legal review.

17.34.2(e) The controlling rule shall be that Board authority must be assured as authority, not presumed from intent.

***

17.34.3 Bylaw Alignment Assurance.\
17.34.3(a) Bylaw Alignment Assurance shall test whether Board actions, Officer actions, committee actions, Charter interpretations, policies, procedures, delegations, advisory structures, Working Groups, and governance records remain aligned with applicable law, articles, and Bylaw.

17.34.3(b) Assurance shall assess whether the Bylaw properly controls corporate mechanics, including meetings, notices, quorum, voting, Director appointment or removal, Officer authority, committees, records, member rights where applicable, amendments, and dissolution.

17.34.3(c) Assurance shall identify where Charter language, policy language, committee practice, officer practice, or informal governance may be inconsistent with the Bylaw or applicable law.

17.34.3(d) Findings shall require legal review, interpretation, amendment, supersession, procedure correction, training, or Board action.

17.34.3(e) The controlling rule shall be that public-good ambition must remain legally and procedurally aligned.

***

17.34.4 Fiduciary Duty Assurance.\
17.34.4(a) Fiduciary Duty Assurance shall test whether Directors and, where relevant, Officers are acting with good faith, loyalty, care, diligence, prudence, independence, confidentiality, conflict discipline, and public-benefit judgment.

17.34.4(b) Assurance shall review attendance, preparation, conflicts, recusals, related-party transactions, independence, Board materials, decision records, dissent handling, training, and performance concerns.

17.34.4(c) Assurance shall identify passive ratification, founder dependence, sponsor influence, provider influence, Public Authority pressure, capital-reader pressure, insufficient information, unmanaged conflicts, or failure to correct.

17.34.4(d) Findings may require training, conflict mitigation, Director review, Board process change, independent review, governance redesign, or Board action.

17.34.4(e) The controlling rule shall be that fiduciary duty must be evidenced through governance behavior.

***

17.34.5 Mission Lock Assurance.\
17.34.5(a) Mission Lock Assurance shall test whether GCRI Canada remains aligned with its Canadian public-benefit, nonprofit, non-share, non-distributing, non-executing, evidence-and-methods, public-good technical institution identity.

17.34.5(b) Assurance shall review programs, funding, partnerships, publications, technical releases, public authority learning, data practices, AI practices, cybersecurity practices, sponsorships, provider relationships, public claims, National Company interfaces, Project SPV interfaces, and Nexus interfaces.

17.34.5(c) Assurance shall identify commercial drift, financial-services drift, Public Authority substitution, provider capture, sponsor capture, technical asset enclosure, public warning drift, certification drift, Protocol Authority drift, execution drift, or unbounded technology expansion beyond public-benefit purpose.

17.34.5(d) Findings shall require narrowing, correction, withdrawal, role clarification, agreement amendment, access restriction, Board decision, or strategic renewal.

17.34.5(e) The controlling rule shall be that mission lock must be assured against drift created by success, growth, and visibility.

***

17.34.6 Non-Execution Assurance.\
17.34.6(a) Non-Execution Assurance shall test whether GCRI Canada has avoided execution functions and maintained the bright line between upstream public-good stewardship and downstream consequence.

17.34.6(b) Assurance shall review emergency command boundaries, public warning boundaries, regulatory boundaries, procurement boundaries, public finance boundaries, finance boundaries, certification-by-default boundaries, professional advice boundaries, infrastructure operation boundaries, market operation boundaries, National Company boundaries, Project SPV boundaries, provider boundaries, and Protocol Authority boundaries.

17.34.6(c) Assurance shall identify materials, decisions, dashboards, maps, technical releases, public authority learning outputs, rooms, public claims, or interfaces that may imply execution authority.

17.34.6(d) Findings shall require boundary language, correction, withdrawal, controlled notice, public-safe notice, routing to competent authority, access restriction, training, or Board action.

17.34.6(e) The controlling rule shall be that non-execution must be tested where institutional outputs create real-world reliance.

***

17.34.7 Public-Good Stack and Nexus Role Separation Assurance.\
17.34.7(a) Public-Good Stack and Nexus Role Separation Assurance shall test whether GCRI Canada remains distinct from GRF, GRA, Protocol Authority, Nexus entities, National Consortium Companies, Project SPVs, Qualified Providers, sponsors, hosts, Public Authorities, universities, communities, and capital readers.

17.34.7(b) Assurance shall review One Rail / Two Stacks discipline, Public-Good Firewall, shared records, interface agreements, public claims, technical interfaces, data interfaces, GRA inputs, GRF inputs, Protocol Authority inputs, National Company interfaces, Project SPV interfaces, and Nexus public descriptions.

17.34.7(c) Assurance shall identify role ambiguity, shared liability risk, merger implication, agency implication, authority transfer implication, public claim overreach, public authority confusion, finance overclaim, provider preference, sponsor validation, or execution implication.

17.34.7(d) Findings shall require divergence logs, equivalence notes, interface amendments, public-safe corrections, controlled notices, access restrictions, or Board action.

17.34.7(e) The controlling rule shall be that Nexus coherence must not become Nexus role collapse.

***

17.34.8 Committee, Council, Working Group, and Delegation Assurance.\
17.34.8(a) Committee, Council, Working Group, and Delegation Assurance shall test whether governance structures and delegated authorities remain lawful, scoped, recorded, necessary, conflict-managed, access-controlled, public-safe, and within mandate.

17.34.8(b) Assurance shall review committee charters, advisory terms, Working Group mandates, delegation records, meeting records, output classifications, public statements, conflicts, recusals, access rights, reporting duties, and closeout.

17.34.8(c) Assurance shall identify shadow governance, committee overreach, advisory overclaim, Working Group misuse, stale delegations, unrecorded authority, access drift, output misclassification, or public claims risk.

17.34.8(d) Findings shall require mandate correction, charter amendment, delegation amendment, output correction, access restriction, training, suspension, dissolution, or Board reporting.

17.34.8(e) The controlling rule shall be that distributed governance must remain visible, limited, and accountable.

***

17.34.9 Conflict, Independence, Recusal, and Related-Party Assurance.\
17.34.9(a) Conflict, Independence, Recusal, and Related-Party Assurance shall test whether conflicts are disclosed, independence is preserved, recusals are enforced, access restrictions are implemented, and related-party transactions are reviewed properly.

17.34.9(b) Assurance shall review conflict registers, independence registers, recusal records, access logs, related-party records, fairness determinations, disinterested approvals, gifts and hospitality records, public claims, and affected decisions.

17.34.9(c) Assurance shall identify missing disclosures, stale disclosures, improper participation, informal influence, access leakage, unreviewed related-party transactions, sponsor influence, provider preference, finance conflicts, Public Authority conflicts, or structural conflict patterns.

17.34.9(d) Findings shall require updated disclosures, recusal, independent review, access restriction, reconsideration, ratification where lawful, rescission, discipline, training, or Board action.

17.34.9(e) The controlling rule shall be that independence must be tested because influence often hides in access and relationships.

***

17.34.10 Governance Records and Decision Pack Assurance.\
17.34.10(a) Governance Records and Decision Pack Assurance shall test whether material governance decisions are supported by proper records, authority mapping, Decision Packs, minutes, resolutions, delegations, registers, repository deposits, Gazette notices where appropriate, correction paths, and closeout records.

17.34.10(b) Assurance shall review Board records, Director records, Officer records, committee records, advisory records, Working Group records, conflict records, recusal records, delegation records, Board-reserved matter records, Decision Pack records, policy records, correction records, and archive records.

17.34.10(c) Assurance shall identify missing records, incomplete Decision Packs, unclear authority, missing conditions, unclosed actions, stale versions, silent edits, unsupported public meaning, repository gaps, Gazette gaps, and unlinked corrections.

17.34.10(d) Findings shall require record remediation, repository correction, Gazette notice, supersession, withdrawal, no-silent-edit correction, training, or Board reporting.

17.34.10(e) The controlling rule shall be that governance is only as strong as the records that prove and correct it.

***

17.34.11 Governance Training and Evaluation Assurance.\
17.34.11(a) Governance Training and Evaluation Assurance shall test whether required governance training, onboarding, refresh cycles, acknowledgments, evaluations, skills reviews, committee evaluations, delegation evaluations, and corrective actions are completed and effective.

17.34.11(b) Assurance shall review Director onboarding, Officer onboarding, committee onboarding, council onboarding, fiduciary training, Charter and Bylaw training, boundary training, Public Authority training, finance-boundary training, data / AI / cybersecurity training, records training, correction training, safeguards training, and protected knowledge training.

17.34.11(c) Assurance shall identify missed training, stale training, ineffective training, repeated failures after training, missing acknowledgments, unresolved evaluation findings, unclosed renewal actions, and training-access mismatches.

17.34.11(d) Findings shall require training updates, access restrictions, role restrictions, policy changes, evaluation follow-up, Board reporting, or remediation.

17.34.11(e) The controlling rule shall be that governance training and evaluation must change behavior, not merely complete records.

***

17.34.12 Assurance Findings, Corrective Action Plans, Governance Updates, Training Updates, and Board Reporting.\
17.34.12(a) Governance Assurance findings shall be recorded, classified, prioritized, assigned, corrected, verified, and reported according to risk and governance significance.

17.34.12(b) Corrective action plans shall identify finding, root cause, affected records, affected actors, affected decisions, affected public claims, affected systems, responsible owner, required action, deadline, verification method, governance update, training update, public-safe implication, controlled notice requirement, and closeout criteria.

17.34.12(c) Material assurance findings shall be reported to the Board with risk status, corrective action status, unresolved issues, resource needs, policy implications, public trust implications, and recurrence-prevention measures.

17.34.12(d) Governance updates may include Charter amendment, Bylaw amendment, policy amendment, delegation revision, committee redesign, advisory structure revision, Working Group closure, records remediation, public claims correction, training redesign, or access redesign.

17.34.12(e) The controlling rule shall be that assurance must culminate in accountable governance improvement.

***

### 17.35 Part XVII Closing Integration Clause

17.35.1 Part XVII shall govern the board stewardship, Charter oversight, officer, committee, council, delegation, fiduciary-duty, conflict, and independence reading of all later Parts.\
17.35.1(a) This Part XVII shall govern the interpretation of all later Parts concerning Board stewardship, Charter oversight, fiduciary duty, Director eligibility, Board independence, Board-reserved matters, Board decision process, Officers, executive leadership, delegation, committees, advisory councils, Leadership Councils, Helix Councils, technical panels, Working Groups, conflicts, recusals, related-party transactions, governance records, evaluation, training, governance incidents, and governance assurance.

17.35.1(b) All later Parts shall be read consistently with the principle that GCRI Canada’s authority must arise through lawful governance, proper delegation, proper record, conflict discipline, boundary discipline, and accountability.

17.35.1(c) No later Part shall be read to dilute the Board’s stewardship responsibility for mission lock, non-execution, Public-Good Stack alignment, Nexus role separation, evidence integrity, data rights, cybersecurity, Public Authority boundaries, finance boundaries, provider neutrality, sponsor non-control, community safeguards, protected knowledge, validity-by-record, correctionability, and public trust.

17.35.1(d) The controlling rule shall be that governance architecture is the constitutional operating system of GCRI Canada.

***

17.35.2 No later Part shall be interpreted to permit any director, officer, committee, council, working group, advisor, fellow, staff member, sponsor, provider, host, public authority, university, community participant, capital reader, National Company, Project SPV, or Nexus actor to exercise GCRI Canada authority without lawful authority, proper delegation, proper record, conflict review, boundary review, and accountability.\
17.35.2(a) No later Part shall be interpreted to permit any Director, Officer, committee, council, Working Group, advisor, fellow, staff member, contractor, sponsor, donor, funder, provider, vendor, host, Public Authority, university, laboratory, community participant, Indigenous knowledge holder, civil society actor, media actor, capital reader, National Company, Project SPV, Nexus entity, or other participant to exercise GCRI Canada authority without lawful authority, proper delegation, proper record, conflict review, boundary review, and accountability.

17.35.2(b) Authority shall not arise from title, proximity, expertise, funding, sponsorship, provider participation, Public Authority participation, capital access, founder status, media visibility, technical centrality, advisory participation, Working Group contribution, or Nexus affiliation.

17.35.2(c) Where authority is uncertain, the person or body shall pause, narrow, seek review, obtain recorded authority, or refuse action until proper authority exists.

17.35.2(d) Any purported exercise of authority without proper basis shall be held, reviewed, corrected, ratified only where lawful and appropriate, rescinded, withdrawn, or publicly clarified where reliance risk exists.

17.35.2(e) The controlling rule shall be that GCRI Canada authority must be lawful, delegated, recorded, reviewed, and accountable.

***

17.35.3 No later Part shall be interpreted to allow governance informality, founder control, sponsor control, provider control, council overreach, committee overreach, officer overreach, public authority confusion, finance overclaim, certification drift, procurement steering, execution drift, or technical asset enclosure.\
17.35.3(a) No later Part shall be interpreted to allow governance informality, no-record approval, email governance, chat governance, verbal authority, silent edits, uncontrolled documents, founder control, sponsor control, provider control, donor control, funder control, host control, capital-reader control, Public Authority control, or shadow governance.

17.35.3(b) No later Part shall be interpreted to allow council overreach, committee overreach, Working Group overreach, Officer overreach, advisor overreach, technical contributor overreach, public authority confusion, finance overclaim, certification drift, recognition drift, maturity overclaim, procurement steering, provider preference, sponsor validation, public warning drift, emergency command drift, protocol-authority drift, execution drift, or technical asset enclosure.

17.35.3(c) No later Part shall be interpreted to permit GCRI Canada’s evidence, methods, publications, public-safe summaries, dashboards, maps, datasets, public-good software, Open Technical Baselines, technical releases, rooms, repositories, controlled vocabulary, or Nexus interfaces to become private advantage, public authority signal, finance signal, certification signal, procurement advantage, or execution authority by implication.

17.35.3(d) Where any such risk arises, the matter shall be escalated for legal, governance, boundary, records, public-safe, data, AI, cybersecurity, safeguards, finance, Public Authority, or Board review as appropriate.

17.35.3(e) The controlling rule shall be that governance informality and role drift are prohibited because they convert public-good stewardship into unaccountable power.

***

17.35.4 Where ambiguity exists, the interpretation that better preserves fiduciary duty, board stewardship, Charter–Bylaw alignment, mission lock, non-execution, public-good stack separation, evidence integrity, data rights, cybersecurity, public authority boundaries, finance-readiness boundaries, provider neutrality, sponsor non-control, community safeguards, legal separateness, validity-by-record, correctionability, and public trust shall prevail.\
17.35.4(a) Where ambiguity exists in this Part XVII or any later Part concerning authority, delegation, Board action, Officer action, committee action, advisory action, Working Group output, conflict, recusal, public claim, Public Authority interface, finance-facing material, sponsor relationship, provider relationship, technical asset, data activity, AI use, cybersecurity control, publication, safeguard, protected knowledge, National Company interface, Project SPV interface, or Nexus interface, the interpretation that better preserves fiduciary duty and Board stewardship shall prevail.

17.35.4(b) The preferred interpretation shall preserve Charter–Bylaw alignment, mission lock, non-execution, Public-Good Stack separation, One Rail / Two Stacks discipline, Public-Good Firewall, evidence integrity, methods integrity, data rights, privacy, cybersecurity, Public Authority boundaries, finance-readiness boundaries, procurement neutrality, provider neutrality, sponsor non-control, community safeguards, Indigenous and protected knowledge safeguards, legal separateness, validity-by-record, correctionability, and public trust.

17.35.4(c) Ambiguity shall not be resolved in favor of broader authority, faster action, convenience, funding opportunity, sponsor preference, provider preference, public authority proximity, media simplicity, capital-reader interest, founder preference, technical integration, public visibility, or Nexus narrative coherence.

17.35.4(d) Where necessary to preserve this rule, GCRI Canada shall narrow authority, restrict access, require recusal, obtain independent review, reclassify outputs, add boundary language, correct records, withdraw materials, issue public-safe or controlled notices, revise delegation, amend governance instruments, suspend participation, or escalate to the Board.

17.35.4(e) The controlling rule shall be that governance ambiguity must be resolved toward lawful authority, restraint, records, safeguards, correction, and trust.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.therisk.global/organization/organization/governance/charters/gcri-ca/xvii.-governance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.