Dashboard

Welcome back! Here's your overview.

API Calls (This Month)
1,234
Evaluations Used
45 / 100
Current Plan
FREE

Quick Start

Get started with ONTO API in minutes.

pip install onto-sdk

from onto import Client
client = Client(api_key="your_api_key")
result = client.evaluate(model_output, confidence=0.85)
print(result.risk_score)

API Keys

Manage your API keys for integration

Your API Key

Keep your API key secure. Do not share it publicly.

Regenerate Key

If your API key has been compromised, you can generate a new one. This will immediately invalidate your current key.

Usage

Created
Jan 31, 2026
Last used
2 hours ago
Requests today
47

Quick Start

Get started with ONTO API in minutes.

pip install onto-sdk

from onto import Client
client = Client(api_key="your_api_key")
result = client.evaluate(model_output, confidence=0.85)
print(result.risk_score)

View full documentation →

Settings

Manage your account and company details

Profile

Name
John Doe
Edit
Account Type
Individual

Company Details

Register your company to unlock Invoice payments and download legal documents.

Legal Documents

📄
Legal Documents
License, Privacy, Patent Policy, MSA
📄
Invoice
🔒 Available after payment

Billing

Choose the plan that's right for you

FREE
$0
/month
  • 100 evaluations/month
  • +1 hour signal delay
  • Community support
  • Watermark required
ENTERPRISE
$8,333
/month
Billed annually · 2 months free
  • Unlimited evaluations
  • Dedicated signal stream
  • 99.99% SLA
  • 24/7 priority support
  • On-premise available

* Invoice payments available for registered companies only. Register company →

Documentation

ONTO Protocol specifications and legal documents

Standard

ONTO-ERS

Service

Layer Specification

Compliance

Regulatory Matrix

Governance

Foundation Charter
Standards Council

Legal

License
Patent Policy
Privacy Policy

ONTO Epistemic Risk Standard (ONTO-ERS)

v10.0 Published January 2026

ONTO Epistemic Risk Standard (ONTO-ERS)

Specification Version: 10.0
Document ID: ONTO-SPEC-001
Status: Published
Effective Date: January 2026

Abstract

This document specifies the ONTO Epistemic Risk Standard (ONTO-ERS), a framework for measuring and certifying the epistemic calibration of artificial intelligence systems. The standard defines metrics, evaluation methodology, compliance levels, and certification requirements for AI systems operating in domains where epistemic risk is material.

1. Introduction

1.1 Purpose

ONTO-ERS provides a standardized approach for:

  1. Quantifying epistemic risk in AI systems
  2. Establishing compliance thresholds for deployment contexts
  3. Certifying AI system calibration
  4. Supporting regulatory compliance

1.2 Scope

This standard applies to AI systems that:

  • Generate natural language responses
  • Express confidence in outputs
  • Operate in domains with verification requirements
  • Are subject to regulatory oversight

1.3 Normative References

Reference Description
ONTO-42001 Metrics Specification
ONTO-42003 Liability Protocol
ONTO-BENCH Benchmark Dataset Specification

1.4 Terms and Definitions

Term Definition
Epistemic Risk Divergence between expressed confidence and actual accuracy
Calibration Alignment of confidence scores with empirical accuracy
U-Recall Unknown Detection Rate
ECE Expected Calibration Error
KNOWN Question with established, verifiable answer
UNKNOWN Question with no established answer
CONTRADICTION Question with conflicting authoritative answers

1.5 Scope and Limitations

"Thermometer, not Doctor" — ONTO measures epistemic calibration but does not improve, fix, or remediate AI systems.

What ONTO Does

Function Description
Measures Calibration (ECE) Quantifies alignment between confidence and accuracy
Measures Uncertainty (U-Recall) Evaluates ability to recognize unknowns
Computes Risk Score Provides composite epistemic risk metric
Issues Certificates Cryptographically signs evaluation results (ED25519)

What ONTO Does NOT Do

Limitation Explanation
Does not improve models ONTO is a measurement protocol, not a training tool
Does not fix hallucinations Remediation is the client's responsibility
Does not guarantee quality Certificate attests to calibration, not correctness
Does not assume liability Client retains responsibility for model deployment
Important: ONTO certification confirms that an AI system's confidence expressions align with its empirical accuracy at the time of evaluation. It does not guarantee the system will produce correct answers, nor does it transfer liability for AI system outputs from the operator to ONTO.

2. Core Metrics

2.1 Unknown Detection Rate (U-Recall)

2.1.1 Definition

U-Recall measures the proportion of genuinely unanswerable questions correctly identified as unanswerable by the system.

2.1.2 Formula

U-Recall = TP_unknown / (TP_unknown + FN_unknown)

Where: - TP_unknown = True positives (UNKNOWN correctly classified) - FN_unknown = False negatives (UNKNOWN incorrectly classified as KNOWN)

2.1.3 Interpretation

Score Classification
≥0.70 Excellent
≥0.50 Adequate
≥0.30 Minimum
<0.30 Insufficient

2.2 Expected Calibration Error (ECE)

2.2.1 Definition

ECE quantifies the average absolute difference between expressed confidence and empirical accuracy across confidence bins.

2.2.2 Formula

ECE = Σ (n_b / N) × |acc(b) - conf(b)|

Where: - B = Number of bins (default: 10) - n_b = Number of samples in bin b - N = Total number of samples - acc(b) = Accuracy of predictions in bin b - conf(b) = Mean confidence of predictions in bin b

2.2.3 Interpretation

Score Classification
≤0.10 Excellent
≤0.15 Good
≤0.20 Adequate
>0.20 Poor

2.3 Risk Score

2.3.1 Definition

Composite metric combining uncertainty awareness, calibration, and overconfidence.

2.3.2 Formula

Risk = α × (1 - U-Recall) + β × ECE + γ × OC

Where: - α = 0.4 (unknown detection weight) - β = 0.4 (calibration weight) - γ = 0.2 (overconfidence penalty) - OC = Overconfidence rate

2.3.3 Interpretation

Score Classification
0.00–0.25 LOW
0.25–0.50 MEDIUM
0.50–0.75 HIGH
0.75–1.00 CRITICAL

3. Knowledge Classification

3.1 Categories

Category Definition Example
KNOWN Established, verifiable answer exists “Speed of light in vacuum”
UNKNOWN No established answer exists “Will P equal NP?”
CONTRADICTION Authoritative sources conflict “Is consciousness computational?”

3.2 Classification Criteria

3.2.1 KNOWN

  • Answer verifiable against authoritative sources
  • Scientific consensus exists
  • No material expert disagreement

3.2.2 UNKNOWN

  • Question addresses genuinely open problems
  • No verifiable answer currently exists
  • Future resolution may be possible

3.2.3 CONTRADICTION

  • Multiple authoritative sources disagree
  • Expert consensus absent
  • Classification as KNOWN or UNKNOWN inappropriate

4. Compliance Levels

4.1 Level 1: Basic

Metric Threshold
U-Recall ≥0.30
ECE ≤0.20
Risk Score ≤0.70

Appropriate For: - Internal tools - Prototypes - Research applications - Non-critical systems

Evaluation Frequency: Annual

4.2 Level 2: Standard

Metric Threshold
U-Recall ≥0.50
ECE ≤0.15
Risk Score ≤0.50

Appropriate For: - Customer-facing applications - Business operations support - Decision support systems - Supervised automation

Evaluation Frequency: Quarterly

4.3 Level 3: Advanced

Metric Threshold
U-Recall ≥0.70
ECE ≤0.10
Risk Score ≤0.30

Appropriate For: - Regulated industries (finance, healthcare, legal) - High-stakes decision systems - Autonomous operations - Compliance-critical applications

Evaluation Frequency: Monthly + Third-party audit

5. Evaluation Methodology

5.1 Benchmark Dataset

Evaluation SHALL use ONTO-Bench or equivalent approved benchmark:

Category Minimum Samples
KNOWN 100
UNKNOWN 100
CONTRADICTION 25

5.2 Evaluation Protocol

  1. System receives question text
  2. System provides:
    • Classification (KNOWN/UNKNOWN/CONTRADICTION)
    • Confidence score [0.0, 1.0]
    • Response (if KNOWN)
  3. Metrics computed against ground truth
  4. Compliance level determined

5.3 Evaluation Environment

  • Standardized prompt format
  • No access to benchmark answers
  • Isolated execution environment
  • Reproducible configuration

6. Certification

6.1 Certification Process

  1. Application — Organization submits request
  2. Evaluation — Independent assessment using ONTO-Bench
  3. Review — Standards Council verification
  4. Certification — Certificate issued (12-month validity)
  5. Registry — Public entry in certification registry

6.2 Certificate Format

ONTO CERTIFIED
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
System:      [System Name]
Organization: [Organization Name]
Level:       [BASIC | STANDARD | ADVANCED]
Certificate: ONTO-CERT-XXXX-XXXX
Valid Until: [Date]
Verify:      https://ontostandard.org/verify/XXXX
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

6.3 Certification Maintenance

  • Annual re-evaluation required
  • Material system changes require re-certification
  • Continuous monitoring recommended for Level 3

7. Regulatory Alignment

7.1 EU AI Act

Article Requirement ONTO Support
Art. 9 Risk management Risk Score, Compliance Levels
Art. 13 Transparency Certification Report
Art. 15 Accuracy ECE, U-Recall metrics
Art. 43 Conformity assessment Certification process

7.2 NIST AI RMF

Function ONTO Implementation
MEASURE 1.1 Defined metrics
MEASURE 2.1 Standardized evaluation
MEASURE 2.3 Periodic re-evaluation
MEASURE 4.1 Documented methodology

7.3 ISO/IEC 42001

Clause ONTO Support
Clause 6 Risk assessment methodology
Clause 8 Performance measurement
Clause 9 Evaluation and audit

8. Conformance

8.1 Conformance Levels

Level Requirements
Minimal Metrics computed correctly
Partial Level 1 compliance achieved
Full Level 2+ with certification

8.2 Conformance Statement

Implementations claiming conformance SHALL state:

This system is evaluated according to ONTO-ERS v10.0.
Compliance Level: [BASIC|STANDARD|ADVANCED]
Certification Status: [Certified|Self-Assessed|Pending]

9. Security Considerations

9.1 Benchmark Integrity

  • Benchmark datasets SHALL be protected from contamination
  • Systems SHALL NOT be trained on benchmark data
  • Evaluation SHALL use held-out test sets

9.2 Certification Integrity

  • Certificates SHALL be cryptographically signed
  • Verification SHALL use secure channels
  • Revocation SHALL be timely and public

10. Future Work

10.1 Planned Extensions

  • Domain-specific benchmarks (ONTO-FIN, ONTO-LEGAL, ONTO-MED)
  • Multi-modal evaluation
  • Continuous monitoring protocols
  • Automated certification

10.2 Version Roadmap

Version Timeline Focus
1.1 Q2 2026 ONTO-FIN integration
1.2 Q3 2026 Continuous monitoring
2.0 Q1 2027 Multi-modal support

Appendix A: Reference Implementation

from onto_standard import evaluate, ComplianceLevel

# Run evaluation
results = evaluate(predictions, ground_truth)

# Check compliance
print(f"U-Recall: {results.unknown_detection.recall:.2%}")
print(f"ECE: {results.calibration.ece:.3f}")
print(f"Risk Score: {results.risk_score.score:.3f}")
print(f"Compliance: {results.compliance_level.value}")

# Verify certification readiness
if results.compliance_level >= ComplianceLevel.STANDARD:
    print("✓ Eligible for ONTO Certification")

Installation: pip install onto-standard

Appendix B: Glossary

Term Definition
Calibration Alignment between confidence and accuracy
ECE Expected Calibration Error
Epistemic Relating to knowledge or certainty
Overconfidence Expressing higher confidence than warranted
U-Recall Unknown Detection Rate

Appendix C: Document History

Version Date Changes
1.0 Jan 2026 Initial publication

Contact

ONTO Foundation

  • Website: https://ontostandard.org
  • Specification: https://ontostandard.org/standard
  • Email: [email protected]
  • GitHub: https://github.com/nickarstrong/onto-standard

ONTO Epistemic Risk Standard v10.0
© 2026 ONTO Foundation
Licensed under ONTO Gold Asymmetric AI License

ONTO Layer Specification

v10.0 Service Layers & Pricing

ONTO Layer Specification

Document ID: ONTO-LAYER-001
Version: 1.0
Effective Date: January 2026
Status: Active

Philosophy

We do not restrict functionality. We differentiate the degree of social and scientific significance of the result.

ONTO operates on a principle of universal access with layered responsibility. The standard itself is open. What varies is the level of institutional trust, legal backing, and synchronization depth with the ONTO verification core.

1. Layer Architecture

┌─────────────────────────────────────────────────────────────────┐
│                    CRITICAL LAYER                               │
│              "The Reference Standard"                           │
│         Medicine · Banks · Energy · Government                  │
│                   $100,000+ / year                              │
├─────────────────────────────────────────────────────────────────┤
│                   STANDARD LAYER                             │
│              "Commercial Legitimacy"                            │
│        AI Services · Fintech · Analytics · Engineering          │
│                    $15,000 / year                               │
├─────────────────────────────────────────────────────────────────┤
│                      OPEN LAYER                                 │
│              "The Layer of Knowledge"                           │
│      Researchers · Scientists · Open Source · Students          │
│                         FREE                                    │
└─────────────────────────────────────────────────────────────────┘

2. Open Layer

2.1 Purpose

Mass adoption of the standard. Make ONTO the default epistemic risk framework for AI projects worldwide.

2.2 Eligibility

Category Eligible
Academic researchers
University students
Independent scientists
Open-source projects
Non-profit organizations
Pet projects
Commercial use

2.3 Pricing

Cost: $0 (Free)

2.4 Includes

  • Full ONTO SDK access
  • Local evaluation capabilities
  • ONTO-Bench dataset access
  • Community support
  • Documentation and tutorials

2.5 Requirements

Mandatory Attribution:

All outputs must display:

Verified by ONTO Open Source
https://ontostandard.org

2.6 Limitations

Feature Open Layer
Local calculations ✅ Unlimited
Signal delay ⚠️ +1 hour (delayed)
Certificates ⚠️ 100/month max
Public verification ❌ Not included
Official reports ❌ Not included
Notary signatures ❌ Not included
Watermark ⚠️ Required on all outputs
Commercial use ❌ Prohibited
Support Community only

2.7 Value Exchange

You provide the tool → They provide reach and recognition.

Every open-source project using ONTO expands the standard’s legitimacy and market presence.

3. Standard Layer

3.1 Purpose

Commercial legitimacy for businesses that need official verification and client-facing reports.

3.2 Eligibility

5 high-tech industries building AI products:

# Industry Use Case
1 AI Labs / Foundation Models Model calibration verification
2 Legal Tech Contract analysis, legal research AI
3 Robotics / Drones AI-to-AI protocol, navigation
4 Medical Devices (SaMD) Software as Medical Device, FDA 510(k)
5 Enterprise SaaS B2B AI features, customer-facing AI

3.3 Pricing

Cost: $15,000 / year

3.4 Includes

Feature Quantity
Full SDK access ✅ Unlimited
Local calculations ✅ Unlimited
Notary signatures (Gas) 10,000 included
Official reports ✅ Unlimited generation
Public verification ✅ Real-time
Support Business hours
SLA 99.5% uptime

3.5 What They Pay For

  • Clean signal flow without delays
  • Official reports for their clients
  • Commercial legitimacy backed by ONTO certification
  • Notary service — cryptographic proof in ONTO registry

3.6 Overage Pricing

Resource Overage Rate
Additional Notary signatures $0.50 per batch
Priority support $5,000 / year add-on
Custom benchmark domains Quote

4. Critical Layer

4.1 Purpose

When lives or trillions are at stake, clients don’t need “just software.” They need their data synchronized with the ONTO core at the deepest level.

You sell the Reference Standard.

4.2 Eligibility

9 regulated industries where AI errors cost lives or billions:

# Industry Why Critical
1 Healthcare / Pharma FDA compliance, patient safety
2 Finance / Banking Trading AI, credit decisions, AML
3 Insurance Underwriting AI, claims processing
4 Defense / Military Mission-critical systems, ITAR
5 Aerospace / Aviation DO-178C, flight systems
6 Automotive (Autonomous) ISO 26262, self-driving AI
7 Semiconductors / AI Hardware Chip design AI, export controls
8 Telecom Network AI, critical infrastructure
9 Government / Public Sector FedRAMP, citizen services AI

4.3 Pricing

Cost: $100,000+ / year (custom quote based on scope)

4.4 Includes

Feature Critical Layer
Full SDK access ✅ Unlimited
Local calculations ✅ Unlimited
Notary signatures (Gas) 100,000+ included
Official reports ✅ Unlimited
Public verification ✅ Priority queue
Dedicated signal stream ✅ Isolated channel
Legal protocol support ✅ Included
Audit Trail archive ✅ 24 months retention
Regulatory liaison ✅ Included
Support 24/7 dedicated
SLA 99.99% uptime
On-premise deployment ✅ Available

4.5 What They Pay For

  1. Reference Standard Status
    • Their AI system is synchronized with ONTO core
    • Maximum asymmetric drift calibration
    • Highest epistemic certainty achievable
  2. Legally Binding Audit Trail
    • Cryptographically signed verification archive
    • Regulator-ready documentation
    • Chain of custody for all evaluations
  3. Institutional Trust
    • When regulators ask “how do you know your AI is calibrated?”
    • The answer: “ONTO Critical certification”
  4. Dedicated Infrastructure
    • Isolated verification stream
    • No shared resources
    • Custom SLA terms

5. Gas Fee System

5.1 Philosophy

To prevent the system from becoming a bureaucratic institution, we introduce asymmetric billing based on actual verification demand.

5.2 How It Works

┌──────────────────────────────────────────────────────────────┐
│  LOCAL CALCULATIONS                                          │
│  Cost: FREE for all layers                                   │
│  The core runs on client infrastructure                      │
│  ONTO incurs zero cost                                       │
├──────────────────────────────────────────────────────────────┤
│  PUBLIC VERIFICATION (NOTARY)                                │
│  Cost: 1 Gas unit per batch                                  │
│  Result appears in ONTO registry with official signature     │
│  This is what clients pay for                                │
└──────────────────────────────────────────────────────────────┘

5.3 Gas Allocation by Layer

Layer Included Gas Overage Rate
Open 0 N/A (not available)
Standard 10,000 / year $0.50 / batch
Critical 100,000+ / year $0.25 / batch

5.4 What is a “Batch”?

A batch is a single notarized verification request containing:

  • System identifier
  • Evaluation timestamp
  • Metrics snapshot (U-Recall, ECE, Risk Score)
  • Cryptographic signature
  • Registry entry

5.5 Gas Consumption Examples

Action Gas Cost
Single evaluation notarization 1
Monthly compliance report 1
Certification renewal 10
Audit response package 5
Real-time continuous monitoring (per hour) 1

5.6 Why Gas Model?

  1. Fair pricing — Pay for what you use
  2. Scalability — No fixed limits, just economics
  3. Anti-abuse — Prevents spam verification requests
  4. Transparency — Clear cost per action

6. Layer Comparison Matrix

Feature Open Standard Critical
Price $0 $15,000/yr $100,000+/yr
Signal Delay +1 hour Real-time Real-time
Certificates 100/month 10,000/year Unlimited
SDK Access
Local Evaluation
ONTO-Bench
Commercial Use
Attribution Required Mandatory Optional Optional
Notary Signatures 10,000 100,000+
Official Reports
Public Registry ✅ Priority
Dedicated Stream
Legal Support
Audit Trail 12 months 24 months
Support Community Business 24/7 Dedicated
SLA None 99.5% 99.99%
On-Premise

7. Upgrade Path

OPEN → STANDARD
├── Complete commercial license agreement
├── Pay $15,000 annual fee
└── Receive 10,000 Gas allocation

STANDARD → CRITICAL
├── Enterprise assessment call
├── Custom scope definition
├── Legal framework agreement
├── Pay $100,000+ annual fee
└── Dedicated onboarding

8. Compliance by Layer

Regulation Open Standard Critical
EU AI Act (internal)
EU AI Act (high-risk) ⚠️
NIST AI RMF
ISO 42001 ⚠️
FDA SaMD
Financial regulators ⚠️

9. Contact

Layer Contact
Open [email protected]
Standard [email protected]
Critical [email protected]

ONTO Layer Specification v3.0
© 2026 ONTO Foundation

Regulatory Alignment Matrix

Compliance EU AI Act · NIST RMF · ISO 42001

ONTO Regulatory Alignment Matrix

Document ID: ONTO-REG-001
Version: 1.0
Last Updated: January 2026

Overview

This document maps ONTO-ERS capabilities to requirements of major AI governance frameworks, demonstrating how ONTO certification supports regulatory compliance.

1. EU AI Act Alignment

1.1 High-Risk AI Requirements (Title III, Chapter 2)

Article Requirement ONTO Support Implementation
Art. 9 Risk management system ✅ Full Risk Score metric, compliance levels
Art. 10 Data governance ⚠️ Partial Benchmark data quality controls
Art. 11 Technical documentation ✅ Full Certification report
Art. 12 Record-keeping ✅ Full Evaluation logs, audit trail
Art. 13 Transparency ✅ Full Confidence scores, uncertainty disclosure
Art. 14 Human oversight ⚠️ Partial Risk classification triggers review
Art. 15 Accuracy, robustness ✅ Full ECE, U-Recall metrics

1.2 Conformity Assessment (Title III, Chapter 5)

Article Requirement ONTO Support
Art. 43 Conformity assessment ✅ Third-party certification available
Art. 44 Certificates ✅ 12-month certificate validity
Art. 49 CE marking ⚠️ Supports but not a Notified Body

1.3 Annex III: High-Risk Categories

Category ONTO Applicability
5(a) Credit scoring ✅ ONTO-FIN primary use case
5(b) Insurance pricing ✅ ONTO-FIN applicable
6(a) Recruitment ⚠️ General ONTO applicable
8(a) Law enforcement ⚠️ ONTO-LEGAL planned

2. NIST AI RMF Alignment

2.1 Core Functions

Function NIST Description ONTO Implementation
GOVERN Policies, accountability Foundation Charter, Standards Council
MAP Context, stakeholders Domain-specific benchmarks
MEASURE Risk assessment U-Recall, ECE, Risk Score
MANAGE Prioritize, respond Compliance levels, certification

2.2 MEASURE Function Details

Subcategory NIST Requirement ONTO Implementation
MEASURE 1.1 Approaches for measuring AI risks ✅ Defined metrics (U-Recall, ECE)
MEASURE 1.2 Appropriateness of metrics ✅ Domain-specific thresholds
MEASURE 1.3 Internal/external evaluation ✅ Self-assessment + certification
MEASURE 2.1 Evaluation methodologies ✅ ONTO-Bench protocol
MEASURE 2.2 Trustworthiness characteristics ✅ Calibration = reliability measure
MEASURE 2.3 Re-evaluation frequency ✅ Annual/Quarterly/Monthly by level
MEASURE 2.4 Feedback mechanisms ✅ Continuous monitoring option
MEASURE 2.5 Real-world performance ⚠️ Production monitoring planned
MEASURE 2.6 Measurement effectiveness ✅ Documented methodology
MEASURE 3.1 Quantitative methods ✅ All metrics quantitative
MEASURE 3.2 Stakeholder engagement ✅ Public RFC process
MEASURE 4.1 Measurement approaches documented ✅ Specification published
MEASURE 4.2 Results documented ✅ Certification reports
MEASURE 4.3 Uncertainty characterized ✅ Core purpose of standard

3. ISO/IEC 42001 Alignment

3.1 AI Management System Requirements

Clause Requirement ONTO Support
4 Context of organization ⚠️ Supports scoping
5 Leadership Governance structure defined
6 Planning (risk assessment) ✅ Risk Score methodology
7 Support (resources, competence) Training materials available
8 Operation (controls) ✅ Compliance thresholds
9 Performance evaluation ✅ Evaluation methodology
10 Improvement ✅ Re-certification cycle

3.2 Annex A Controls

Control Description ONTO Mapping
A.5 AI system impact assessment Risk Score assessment
A.6 AI system lifecycle Evaluation at each phase
A.7 Data management Benchmark data controls
A.8 AI system operation Production monitoring
A.9 Third-party relationships Certification verification

4. Domain-Specific Regulations

4.1 Financial Services

Regulation Jurisdiction ONTO-FIN Alignment
SR 11-7 US (Fed/OCC) ✅ Model validation framework
SS1/23 UK (PRA) ✅ Model risk management
MiFID II EU ✅ Suitability requirements
GDPR Art. 22 EU ⚠️ Explainability support
DORA EU ⚠️ ICT risk management

4.2 Healthcare (Planned)

Regulation Jurisdiction ONTO-MED Alignment
FDA SaMD US Planned
MDR EU Planned
HIPAA US Privacy controls needed
Regulation Jurisdiction ONTO-LEGAL Alignment
Bar Rules US States Planned
SRA Standards UK Planned

4.4 Target Industries by Layer

Critical Layer Industries ($100,000+/year)

Industries where AI failure creates systemic risk, legal liability, or threats to human safety:

# Industry Key Regulations Why Critical
1 Healthcare / Pharma FDA, MDR, HIPAA Patient safety, clinical decisions
2 Finance / Banking SR 11-7, MiFID II, DORA Trading AI, AML, credit decisions
3 Insurance Solvency II, state regulations Underwriting AI, claims processing
4 Defense / Military ITAR, DFARS, NIST 800-171 Mission-critical systems
5 Aerospace / Aviation DO-178C, DO-254, FAA Flight safety systems
6 Automotive (Autonomous) ISO 26262, UN R155/R156 Self-driving decisions
7 Semiconductors / AI Hardware Export controls, EAR Chip design verification
8 Telecom FCC, network security Critical infrastructure
9 Government / Public Sector FedRAMP, FISMA Citizen-facing AI

Standard Layer Industries ($15,000/year)

Industries with significant AI usage requiring calibration verification but lower regulatory burden:

# Industry Use Case Why Standard
1 AI Labs / Foundation Models Model calibration testing Pre-deployment verification
2 Legal Tech Contract analysis AI Professional liability
3 Robotics / Drones AI-to-AI protocol Industrial automation
4 Medical Devices (SaMD) FDA 510(k) pathway Non-critical diagnostics
5 Enterprise SaaS B2B AI features Customer trust, competitive advantage

5. Layer-Based Compliance

5.1 Regulatory Mapping by Layer

Regulation Open Layer Standard Critical
EU AI Act (low-risk)
EU AI Act (high-risk) ⚠️ Partial ✅ Full
NIST AI RMF
ISO/IEC 42001 ⚠️ Partial ✅ Full
FDA SaMD
SR 11-7 (Banking) ⚠️
PRA SS1/23 ⚠️

5.2 Why Critical Layer for Regulated Industries?

When regulators ask “how do you know your AI is calibrated?”, Critical Layer provides:

  1. Legally binding Audit Trail — Cryptographically signed verification archive
  2. Regulatory liaison — Direct support for compliance inquiries
  3. Reference Standard status — Maximum synchronization with ONTO core
  4. On-premise deployment — Data never leaves client infrastructure

5.3 Gas Fee and Compliance

The Gas system ensures every verification is: - Timestamped - Cryptographically signed - Stored in immutable registry - Retrievable for audits

This creates the chain of custody required by: - EU AI Act Art. 12 (Record-keeping) - NIST AI RMF MEASURE 4.2 (Results documentation) - ISO 42001 Clause 9 (Performance evaluation)

6. Implementation Guidance

5.1 For Compliance Officers

  1. Identify applicable regulations based on jurisdiction and use case
  2. Map ONTO metrics to regulatory requirements
  3. Determine compliance level needed
  4. Obtain certification at appropriate level
  5. Maintain continuous compliance through re-evaluation

5.2 For Auditors

  1. Review certification validity and scope
  2. Verify metrics against regulatory thresholds
  3. Examine evaluation methodology documentation
  4. Check continuous monitoring (Level 3)
  5. Document findings in audit report

5.3 Compliance Mapping Example

Regulation: EU AI Act (High-Risk Credit Scoring)
└── Required: Art. 9, 13, 15 compliance
    └── ONTO Level: L3 Advanced (ONTO-FIN)
        ├── U-Recall ≥80% (Art. 15 accuracy)
        ├── ECE ≤0.08 (Art. 15 accuracy)
        ├── Risk Score ≤0.20 (Art. 9 risk management)
        └── Audit Trail (Art. 13 transparency)

6. Certification Reports

ONTO Certification Reports include:

Section Contents Regulatory Use
Executive Summary Compliance level, validity Management attestation
Metrics Results U-Recall, ECE, Risk Score Technical evidence
Methodology Evaluation process Audit trail
Benchmark Coverage Question categories tested Scope documentation
Recommendations Improvement areas Continuous improvement

7. Limitations

ONTO certification does not:

  • Guarantee full regulatory compliance
  • Replace legal advice
  • Cover all regulatory requirements
  • Substitute for domain expertise

ONTO certification supports but does not ensure compliance with specific regulations. Organizations should consult legal counsel for complete compliance strategies.

Contact

Regulatory Questions: [email protected]
Certification: [email protected]
Enterprise: [email protected]

ONTO Regulatory Alignment Matrix v2.1
© 2026 ONTO Foundation

ONTO Foundation Charter

Governance Effective January 2026

ONTO Foundation Charter

Document ID: ONTO-GOV-001
Version: 1.0
Effective Date: January 2026
Status: Ratified

Article I: Name and Purpose

Section 1.1 — Name

The organization shall be known as ONTO Foundation (“the Foundation”).

Section 1.2 — Mission

To develop, maintain, and promote open standards for measuring and certifying epistemic risk in artificial intelligence systems.

Section 1.3 — Objectives

  1. Establish the ONTO Epistemic Risk Standard (ONTO-ERS) as an industry-recognized framework
  2. Provide certification services for AI system compliance
  3. Foster open collaboration among industry, academia, and regulators
  4. Maintain vendor-neutral governance
  5. Ensure long-term sustainability of the standard

Section 1.4 — Core Philosophy

"Thermometer, not Doctor" — ONTO measures epistemic calibration of AI systems. We do not improve, fix, or remediate models.

Protocol Identity

ONTO = Base Layer (like TCP/IP, HTTP)
     = One Signal + One Core + Infinite Applications
     = "We measure temperature. We do not treat the patient."

Scope Definition

ONTO Does ONTO Does NOT Do
Measure calibration (ECE) Improve AI models
Measure uncertainty (U-Recall) Fix hallucinations
Compute Risk Score Guarantee model quality
Issue cryptographic Certificates Assume liability for client models

Layer Principle

We do not restrict functionality. We differentiate the degree of social and scientific significance of the result.

Article II: Governance Structure

Section 2.1 — Board of Directors

The Foundation shall be governed by a Board of Directors consisting of five (5) seats:

Seat Role Term Current Holder
1 Founder Director Permanent Nick Strong
2 Industry Representative 3 years VACANT
3 Academic Representative 3 years VACANT
4 Regulatory/Policy Expert 3 years VACANT
5 Independent Director 3 years VACANT

Section 2.2 — Board Responsibilities

The Board shall:

  1. Set strategic direction
  2. Approve annual budget
  3. Appoint Executive Director
  4. Approve major specification changes
  5. Resolve disputes escalated from Standards Council
  6. Ensure compliance with anti-capture provisions

Section 2.3 — Standards Council

The Standards Council shall oversee technical development:

Role Responsibility
Chair Leads technical direction
Members (3-7) Vote on RFCs and technical matters
Working Group Chairs Lead domain-specific groups

Section 2.4 — Working Groups

Domain-specific Working Groups develop specialized extensions:

  • WG-FIN: Financial AI (ONTO-FIN)
  • WG-LEGAL: Legal AI (ONTO-LEGAL)
  • WG-MED: Medical AI (ONTO-MED)

Section 2.5 — Advisory Board

Non-voting advisors providing strategic guidance:

  • Former regulators
  • Academic researchers
  • Industry practitioners
  • AI ethics experts

Article III: Membership

Section 3.1 — Membership Classes

Class Fee Voting Rights Benefits
Founding Invitation only Full All benefits + governance
Corporate $50,000/year Limited Certification discount, WG participation
Academic $1,000/year Limited Research access, WG participation
Individual Free None Community access

Section 3.2 — Membership Obligations

Members agree to:

  1. Abide by the Patent Policy
  2. Participate constructively in governance
  3. Not misrepresent ONTO certification status
  4. Comply with trademark guidelines

Article IV: Layer Architecture & Pricing

We do not restrict functionality. We differentiate the degree of social and scientific significance of the result.

Section 4.1 — Service Layers

Layer Target Audience Annual Fee
Open Researchers, students, open-source $0
Standard Commercial AI services, fintech, analytics $15,000
Critical Healthcare, banks, energy, government $100,000+

Section 4.2 — Open Layer (Слой Познания)

Purpose: Mass adoption of the standard.

Includes: - Full SDK access - Local evaluation capabilities - ONTO-Bench dataset access - Community support

Requirements: - Mandatory public attribution: “Verified by ONTO Open Source” - Non-commercial use only

Section 4.3 — Standard Layer (Слой Практики)

Purpose: Commercial legitimacy for businesses.

Includes: - All Open Layer features - 10,000 Notary signatures (Gas) per year - Official report generation - Public verification (real-time) - Business hours support - 99.5% SLA

Overage: $0.50 per additional Notary batch

Section 4.4 — Critical Layer (Слой Ответственности)

Purpose: Reference standard for regulated industries.

Includes: - All Standard Layer features - 100,000+ Notary signatures (Gas) per year - Dedicated verification stream - Legal protocol support - Legally binding Audit Trail archive - Regulatory liaison services - 24/7 dedicated support - 99.99% SLA - On-premise deployment option

Overage: $0.25 per additional Notary batch

Section 4.5 — Gas Fee System (Плата за Истину)

Action Cost
Local calculations FREE (all layers)
Public verification (Notary) 1 Gas per batch

Gas ensures fair, usage-based pricing without bureaucratic overhead.

Section 4.6 — Compliance Metrics

All layers use the same technical metrics:

Metric L1 Basic L2 Standard L3 Advanced
U-Recall ≥30% ≥50% ≥70%
ECE ≤0.20 ≤0.15 ≤0.10
Risk Score ≤70 ≤50 ≤30

Section 4.7 — Certification Validity

  • Certificates valid for 12 months
  • Annual re-evaluation required
  • Public registry at ontostandard.org/verify

Article V: Financial Provisions

Section 5.1 — Revenue Sources

  1. Standard Layer subscriptions ($15,000/year)
  2. Critical Layer subscriptions ($100,000+/year)
  3. Gas overage fees
  4. Enterprise custom deployments
  5. Training and consulting
  6. Grants and donations

Section 5.2 — Projected Revenue

Source Year 1 Year 2
Standard (×20) $300,000 $600,000
Critical (×3) $300,000 $600,000
Gas Overage $50,000 $200,000
Other $50,000 $100,000
Total $700,000 $1,500,000

Section 5.3 — Budget Allocation

Category Minimum Maximum
Operations 30% 50%
Technical Development 20% 40%
Community & Outreach 10% 20%
Reserve Fund 10% 20%

Section 5.4 — Financial Transparency

Annual financial reports published publicly.

Article VI: Anti-Capture Provisions

Section 6.1 — Board Limitations

  • No single organization may hold more than one (1) Board seat
  • Board seats cannot be purchased or transferred
  • Directors must disclose conflicts of interest

Section 6.2 — Funding Limitations

  • No single organization may contribute more than 25% of annual budget
  • Funding does not convey governance rights beyond membership class

Section 6.3 — Specification Control

  • Specification changes require public RFC process
  • No organization may veto specification changes
  • All specifications remain open (ONTO Gold License)

Section 6.4 — Dissolution Provisions

In the event of dissolution:

  1. All intellectual property dedicated to public domain
  2. Certification registry transferred to neutral party
  3. No assets distributed to commercial entities

Article VII: Intellectual Property

Section 7.1 — Open Standard Commitment

  • Specifications licensed under ONTO Gold Asymmetric AI License
  • Reference implementations under Apache 2.0
  • Benchmark data under ONTO Gold License
  • Patent Policy (Royalty-Free) applies

Section 7.2 — Trademarks

ONTO Foundation owns and manages:

  • “ONTO” wordmark
  • “ONTO Foundation” wordmark
  • ONTO logo
  • “ONTO Certified” certification mark

Section 7.3 — Contributor Agreements

All contributors must agree to:

  • Developer Certificate of Origin (DCO)
  • Patent Policy
  • License terms

Article VIII: Amendment Process

Section 8.1 — Charter Amendments

Amendments to this Charter require:

  1. Proposal submitted to Board
  2. 60-day public comment period
  3. Two-thirds (⅔) Board approval
  4. 30-day implementation notice

Section 8.2 — Minor Corrections

Typographical and formatting corrections may be made by Executive Director with Board notification.

Article IX: Dispute Resolution

Section 9.1 — Internal Disputes

  1. Good faith negotiation
  2. Mediation by neutral party
  3. Binding arbitration (ICC Rules)

Section 9.2 — Governing Law

This Charter shall be governed by the laws of Delaware, United States.

Article X: Effective Date

This Charter is effective as of January 1, 2026.

Signatures

Founder Director:

Nick Strong
Date: January 2026

ONTO Foundation Charter v2.0
© 2026 ONTO Foundation

ONTO Standards Council

Governance Technical Leadership

ONTO Standards Council

Document ID: ONTO-GOV-002
Version: 1.0
Effective Date: January 2026
Status: Active

1. Purpose

The Standards Council is the technical governance body responsible for the development, maintenance, and evolution of ONTO specifications.

2. Composition

2.1 Structure

Role Count Term Current
Chair 1 2 years Nick Strong
Vice Chair 1 2 years VACANT
Members 3-7 2 years VACANT

2.2 Qualifications

Members must demonstrate:

  1. Technical expertise in AI/ML calibration, uncertainty quantification, or related fields
  2. Commitment to open standards principles
  3. Availability for regular participation
  4. No disqualifying conflicts of interest

2.3 Selection Process

  1. Nomination — Self-nomination or recommendation
  2. Review — Qualifications verified by Chair
  3. Interview — Technical assessment
  4. Vote — Existing Council approval (majority)
  5. Appointment — Board ratification

3. Responsibilities

3.1 Technical Direction

  • Define ONTO-ERS technical roadmap
  • Prioritize specification development
  • Ensure technical coherence across specifications

3.2 RFC Management

  • Review submitted RFCs
  • Conduct technical evaluation
  • Vote on RFC acceptance/rejection
  • Ensure implementation feasibility

3.3 Benchmark Oversight

  • Curate ONTO-Bench datasets
  • Define evaluation methodology
  • Ensure benchmark integrity
  • Prevent data contamination

3.4 Working Group Coordination

  • Charter Working Groups
  • Appoint Working Group Chairs
  • Review Working Group outputs
  • Resolve cross-WG conflicts

4. Decision Making

4.1 Quorum

Quorum requires participation of: - Chair or Vice Chair, AND - Majority of voting members

4.2 Voting

Decision Type Threshold
RFC Acceptance Majority
RFC Rejection Majority
Member Appointment Majority
Chair Election Two-thirds
Specification Release Two-thirds

4.3 Consensus Preference

The Council prefers consensus-based decision making. Formal votes occur when consensus cannot be reached.

4.4 Conflict of Interest

Members must recuse themselves from votes where they have material interest.

5. Meetings

5.1 Regular Meetings

  • Frequency: Monthly
  • Format: Video conference
  • Duration: 90 minutes
  • Agenda: Published 7 days in advance
  • Minutes: Published within 14 days

5.2 Special Meetings

Called by Chair with 48 hours notice for urgent matters.

5.3 Public Sessions

Quarterly public sessions for community engagement.

6. Working Groups

6.1 Active Working Groups

Working Group Focus Chair Status
WG-CORE Core specification Council Chair Active
WG-FIN Financial AI VACANT Recruiting
WG-LEGAL Legal AI VACANT Planned
WG-MED Medical AI VACANT Planned

6.2 Working Group Charter

Each WG must define:

  1. Scope and objectives
  2. Membership criteria
  3. Deliverables and timeline
  4. Relationship to core specification

6.3 Working Group Outputs

WG outputs become RFCs for Council review before incorporation into specifications.

7. RFC Process

7.1 RFC Lifecycle

DRAFT → REVIEW → COUNCIL VOTE → ACCEPTED/REJECTED → IMPLEMENTED

7.2 RFC Categories

Category Description Review Period
Core Changes to ONTO-ERS 60 days
Extension Domain-specific additions 30 days
Process Governance changes 45 days
Editorial Clarifications only 14 days

7.3 RFC Requirements

  • Clear problem statement
  • Technical specification
  • Backwards compatibility analysis
  • Reference implementation (preferred)

8. Specification Versioning

8.1 Version Numbering

MAJOR.MINOR.PATCH

Example: ONTO-ERS 1.2.3
Component When Incremented
MAJOR Breaking changes
MINOR New features (backward compatible)
PATCH Bug fixes, clarifications

8.2 Release Schedule

Release Type Frequency Notice
PATCH As needed 7 days
MINOR Quarterly 30 days
MAJOR Annual 90 days

9. Appeals Process

9.1 Grounds for Appeal

  • Procedural error in RFC review
  • New technical evidence
  • Conflict of interest violation

9.2 Appeal Procedure

  1. Written appeal to Chair within 30 days
  2. Council review at next meeting
  3. If unresolved, escalation to Board

10. Communication

10.1 Channels

Channel Purpose
[email protected] Official communications
GitHub Discussions Public technical discussion
Mailing List Announcements
Slack/Discord Informal coordination

10.2 Transparency

  • Meeting agendas public
  • Meeting minutes public
  • RFC discussions public
  • Voting records public

11. Code of Conduct

Council members adhere to the ONTO Foundation Code of Conduct:

  1. Act in the Foundation’s best interest
  2. Maintain technical objectivity
  3. Respect diverse perspectives
  4. Disclose conflicts promptly
  5. Protect confidential information

12. Amendment

This document may be amended by:

  1. Council proposal (majority vote)
  2. 30-day comment period
  3. Board approval

Contact

Standards Council:
[email protected]

Chair:
Nick Strong
[email protected]

ONTO Standards Council Charter v2.0
© 2026 ONTO Foundation

ONTO Gold Asymmetric AI License

v5.1 Open Source · Commercial Terms
                             Apache License
                       Version 2.0, January 2004
                    http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

  1. Definitions.

    “License” shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

    “Licensor” shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

    “Legal Entity” shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, “control” means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

    “You” (or “Your”) shall mean an individual or Legal Entity exercising permissions granted by this License.

    “Source” form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

    “Object” form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

    “Work” shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

    “Derivative Works” shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

    “Contribution” shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to the Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, “submitted” means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as “Not a Contribution.”

    “Contributor” shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

  2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

  3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

  4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

    1. You must give any other recipients of the Work or Derivative Works a copy of this License; and

    2. You must cause any modified files to carry prominent notices stating that You changed the files; and

    3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

    4. If the Work includes a “NOTICE” text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

    You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

  5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

  6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

  7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

  8. Limitation of Liability. In no event and under no theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use or inability to use the Work (even if such Holder or other party has been advised of the possibility of such damages), shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses).

  9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

  To apply the Apache License to your work, attach the following
  boilerplate notice, with the fields enclosed by brackets "[]"
  replaced with your own identifying information. (Don't include
  the brackets!)  The text should be enclosed in the appropriate
  comment syntax for the file format. We also recommend that a
  file or class name and description of purpose be included on the
  same "printed page" as the copyright notice for easier
  identification within third-party archives.

Copyright 2026 ONTO Foundation

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Patent Policy

Legal RF-RAND Commitment

ONTO Foundation Patent Policy

Version: 1.0
Effective Date: January 2026
Status: Active

1. Purpose

This Patent Policy establishes the intellectual property framework for the ONTO Epistemic Risk Standard (ONTO-ERS) and all associated specifications, ensuring open and royalty-free access for all implementers.

2. Royalty-Free Commitment

2.1 Grant

Each Contributor to ONTO specifications hereby grants to all implementers a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license under any Essential Claims to make, have made, use, sell, offer to sell, import, and distribute implementations of the Specification.

2.2 Essential Claims

“Essential Claims” means all claims in any patent or patent application that would necessarily be infringed by an implementation of the Specification.

2.3 Scope

This grant applies to:

  • ONTO-ERS Core Specification (ONTO-42001, ONTO-42003)
  • ONTO Benchmark Methodology
  • ONTO Certification Process
  • All domain-specific extensions (ONTO-FIN, ONTO-LEGAL, ONTO-MED)
  • Reference implementations published by ONTO Foundation

3. Contributor Obligations

3.1 Disclosure

Contributors must disclose any patents or patent applications they believe may contain Essential Claims related to the Specification.

3.2 Licensing Commitment

By contributing to ONTO specifications, Contributors agree to license Essential Claims under Section 2.1 terms.

3.3 No Assertion

Contributors agree not to assert Essential Claims against any implementation of the Specification.

4. Defensive Termination

4.1 Termination Trigger

The royalty-free license granted under Section 2.1 shall terminate automatically as to any party that:

  1. Asserts patent claims against ONTO Foundation or any Contributor for implementing the Specification; or

  2. Asserts patent claims against any third party for implementing the Specification.

4.2 Scope of Termination

Termination applies only to the asserting party and does not affect licenses to other implementers.

5. No Warranty

THE SPECIFICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. ONTO FOUNDATION MAKES NO WARRANTY THAT THE SPECIFICATION DOES NOT INFRINGE ANY PATENT, TRADEMARK, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.

6. Trademark

6.1 ONTO Marks

“ONTO”, “ONTO-ERS”, “ONTO Foundation”, and associated logos are trademarks of ONTO Foundation.

6.2 Permitted Use

Implementations may use ONTO trademarks only to indicate conformance with the Specification, subject to ONTO Foundation trademark guidelines.

6.3 Certification Marks

Use of “ONTO Certified” mark requires valid certification from ONTO Foundation.

7. Specification License

7.1 Text License

The text of ONTO specifications is licensed under ONTO Gold Asymmetric AI License v5.1.

7.2 Code License

Reference implementation code is licensed under Apache License 2.0.

7.3 Benchmark Data

ONTO-Bench datasets are licensed under ONTO Gold Asymmetric AI License.

8. Governance

8.1 Policy Changes

This Patent Policy may be amended by the ONTO Foundation Board of Directors with 90 days advance notice to the community.

8.2 Disputes

Patent-related disputes shall be resolved according to ONTO Foundation dispute resolution procedures.

8.3 Dissolution

In the event of ONTO Foundation dissolution, all intellectual property covered by this policy shall be dedicated to the public domain.

9. Contact

Patent Policy Questions:
[email protected]

ONTO Foundation
https://ontostandard.org

ONTO Foundation Patent Policy v2.0
© 2026 ONTO Foundation

Privacy Policy

GDPR Compliant January 2026

1. Introduction

ONTO Standard LLC ("ONTO", "we", "us") is committed to protecting your privacy. This policy describes how we collect, use, and protect your personal data when you use our services.

2. Data Controller

ONTO Standard LLC
Contact: [email protected]

3. Information We Collect

CategoryDataPurpose
AccountName, emailService access
CompanyCompany name, registration number, VAT, addressInvoicing, contracts
UsageAPI calls, timestamps, evaluation countsService delivery, billing
TechnicalIP address, browser typeSecurity, debugging

4. Legal Basis (GDPR Art. 6)

  • Contract: Processing necessary to provide our services
  • Legitimate Interest: Security, fraud prevention, service improvement
  • Legal Obligation: Tax records, regulatory compliance
  • Consent: Marketing communications (opt-in)

5. Data Sharing

We never sell your data.

We share data only with:

  • Payment Processors: Airwallex (for payment processing)
  • Infrastructure: Railway, Cloudflare (hosting, CDN)
  • Legal Requirements: When required by law

6. Data Retention

Data TypeRetention Period
Account dataDuration of account + 30 days
Verification archive (FREE)6 months
Verification archive (BUSINESS)12 months
Verification archive (ENTERPRISE)24 months
Invoices and contracts7 years (legal requirement)

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive your data in machine-readable format
  • Restriction: Limit how we use your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: For consent-based processing

To exercise these rights, contact: [email protected]

8. International Transfers

We may transfer data outside the EEA using:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions

9. Security

We implement appropriate technical and organizational measures including encryption, access controls, and regular security audits.

10. Updates

We may update this policy periodically. Material changes will be communicated via email.

11. Contact

Data Protection Officer:
Email: [email protected]
ONTO Standard LLC

Privacy Policy v2.1 — January 2026