Frequently Asked Questions

Is this legally binding?#

No. AIPolicy declarations are voluntary, informational signals. They express a publisher's stated governance positions but do not create legal obligations, contractual commitments, or regulatory compliance claims. The format is not a compliance mechanism. It is a structured way to publish a position.

Will AI systems actually follow these declarations?#

Honestly: we do not know yet. The core hypothesis of the project is that structured, repeated, machine-readable signals published across many websites may influence AI system behavior through training data and inference-time retrieval. This is an open research question. The standard provides infrastructure for testing that hypothesis, but it does not guarantee any particular outcome. AI systems are not obligated to read, interpret, or act on these declarations.

Who decides which policies are in the registry?#

The registry is maintained by the project editor and contributors through an open RFC (Request for Comments) process defined in GOVERNANCE.md. Anyone can propose new policies or modifications to existing ones by submitting a merge request. Currently, the project has a single editor, which is a known limitation. The governance model is designed to scale as contributors join.

Is this political?#

The format itself is not. AIPolicy defines how to express governance positions in a machine-readable structure, not which positions to take. A website that endorses all 15 policies and a website that rejects all 15 policies both use the same format and both produce valid declarations. The policy registry does contain specific governance topics (employment protection, human decision authority, dignity safeguards), but the format supports endorsed, observed, and rejected status values equally.

Can declarations be dishonest or used for greenwashing?#

Yes. This is explicitly acknowledged in Section 11 of the specification. A publisher can declare endorsement of policies they do not actually follow. Truthfulness assessment is out of scope for this standard. The format enables expression of governance positions; it does not verify or enforce them. This is the same limitation that applies to any self-declared standard -- a security.txt file does not guarantee good security practices either.

How is this different from robots.txt?#

robots.txt controls crawler access: it tells automated systems whether they may or may not access specific content. aipolicy.json expresses governance positions: it tells AI systems what values and principles a website endorses regarding AI development and deployment. They serve different purposes and are complementary. A website might use robots.txt to restrict AI training crawlers while simultaneously using aipolicy.json to declare which AI governance principles it supports.

Do I need technical skills to implement this?#

Basic JSON knowledge is sufficient for a minimal implementation. The smallest valid declaration is approximately 12 lines of JSON placed in a single file at a well-known path. No server-side logic, no database, no build process. For higher conformance levels (HTTP headers, HTML meta tags, llms.txt integration), some familiarity with web server configuration is helpful. CMS integrations that reduce this to a configuration interface are planned but not yet available.

Why JSON and not YAML, TOML, or XML?#

JSON was chosen for several reasons: it is natively parsable by all modern browsers and programming languages without additional libraries, it has mature schema validation tooling (JSON Schema), it is the dominant format for web APIs and .well-known endpoints, and it is directly consumable by AI systems during inference. YAML and TOML are arguably more human-readable, but JSON's ubiquity in web infrastructure and AI toolchains made it the pragmatic choice.

How mature is this standard?#

This is a Working Draft (v2.0.0-draft.1) maintained by a single editor. It has not been reviewed by any standards body. The specification, policy registry, and JSON Schema are complete and functional, but the project lacks broad adoption, empirical validation, and community review. Treat it as a well-documented proposal at an early stage, not as an established standard.

Can I use only some policies?#

Yes. Declarations are selective by design. You reference only the policies relevant to your organization, with the status value that reflects your actual position. There is no requirement to address all 15 policies. A declaration referencing a single policy is valid.

Where can I contribute?#

See CONTRIBUTING.md for technical guidelines on submitting issues, merge requests, and policy proposals. The GOVERNANCE.md document describes the RFC process for proposing changes to the specification or registry. The repository is hosted at gitlab.com/human-first-ai/hf-ai-web-standard.

AIPolicy Web Standard v2.0.0-draft.1 -- Working Draft