Open Technical Standard — Version 1.0 — April 2026 — Public Specification

QODIQA

Deterministic Runtime Consent Enforcement for Artificial Intelligence Systems

Consent enforcement is not a feature of compliant AI systems. It is a required architectural condition for any system operating on human data.

The gap is not regulatory. It is architectural. No existing framework operates at the point of execution. QODIQA defines and occupies that boundary.

Enforcement at the Execution Boundary

Every action is intercepted at the execution boundary. Consent state is verified deterministically before any operation proceeds. The log panels below reflect the enforcement decision cycle across concurrent nodes.

Enforcement Log · Node 01
Request: req_8f21a9c
Timestamp: 14:32:08 UTC
Action: Generate Voice, Public Figure
Identity: User_4821
Consent: NOT FOUND
Scope: n/a
Execution: BLOCKED

Enforcement Log · Node 02
Request: req_3c90f12
Timestamp: 14:32:11 UTC
Action: Access Patient Medical Records
Identity: User_0093
Consent: VERIFIED
Scope: scope:read
Execution: ALLOWED

Enforcement Log · Node 03
Request: req_a74d3e1
Timestamp: 14:32:14 UTC
Action: Track Real-Time Location
Identity: User_7714
Consent: EXPIRED
Scope: n/a
Execution: BLOCKED

Enforcement Log · Node 04
Request: req_5b22f90
Timestamp: 14:32:17 UTC
Action: Export Contact Graph
Identity: User_0561
Consent: SCOPE MISMATCH
Scope: scope:analytics
Execution: BLOCKED

Enforcement Log · Node 05
Request: req_c19e4a3
Timestamp: 14:32:20 UTC
Action: Clone Voice from Audio
Identity: User_2250
Consent: NOT FOUND
Scope: n/a
Execution: BLOCKED

Enforcement Log · Node 06
Request: req_7d83b12
Timestamp: 14:32:23 UTC
Action: Identify Person from Image
Identity: User_9340
Consent: WITHDRAWN
Scope: n/a
Execution: BLOCKED

Enforcement Log · Node 07
Request: req_2f44c80
Timestamp: 14:32:26 UTC
Action: Read Preference Profile
Identity: User_1103
Consent: VERIFIED
Scope: scope:analytics
Execution: ALLOWED

Enforcement Gateway: Active · Fail-Closed (Deterministic)
Audit System: Append-only · Cryptographic Verification
Standard: Version 1.0 · Public License

Fail-closed enforcement at runtime. No execution without valid consent.

Implementation Reference — Verifiable Components

Runtime enforcement executes through four specified components: gateway, consent registry, policy engine, and append-only audit log.
Unauthorized inference is blocked at the execution boundary under fail-closed conditions.

Open specification · Inspectable · Reproducible at inference boundary

Deterministic Enforcement: Execution Boundary. Runtime Log (Illustrative Enforcement Cycle)

[Interactive runtime log panel. Counters: Total Requests, Allowed, Blocked, Avg Latency. Enforcement Mode: FAIL-CLOSED. Audit: APPEND-ONLY. Columns: Input, Action, Consent State, Scope, Reason, Latency, Req ID, Trace ID, Risk, Consent Age, Decision.]

Execution without enforced consent is system failure. Every inference without enforcement is an active violation.

Consent is assumed, not enforced.

GDPR, EU AI Act, NIST AI RMF, and ISO/IEC 42001 define consent obligations. None mandate technical enforcement at runtime. Consent remains declarative. The gap is architectural, embedded in how AI systems are built. Four concrete enforcement boundaries illustrate what runtime interception resolves.

Biometric Processing

Facial and Voice Biometrics

Without enforcement, a biometric inference pipeline executes whenever called, regardless of consent state. Scope mismatches and withdrawn consent are invisible at the execution boundary. With QODIQA, every biometric inference maps to a declared scope — verified cryptographically before execution proceeds. Unscoped requests are blocked at the action boundary, not discovered in audit.

Health and Clinical Data

Medical Record Access

Without enforcement, a consent record in a CRM or policy document does not propagate to the inference boundary. An analytics consent token cannot be distinguished from a clinical data scope at runtime. With QODIQA, consent artifacts are cryptographically scoped and verified at the action boundary. A wellness-scope token cannot authorize clinical record extraction — mismatch is a technical impossibility, not a policy risk.

Voice Cloning

Synthetic Identity Generation

Without enforcement, a voice synthesis model executes on any audio sample. No consent artifact is checked at the inference call. Identity is reconstructed without the subject's knowledge. With QODIQA, the enforcement gateway intercepts every synthesis request. Absent a valid, non-expired, explicitly scoped voice consent artifact, synthesis does not proceed. The block occurs before model execution, not after it.

Location and Movement

Real-Time Location Tracking

Without enforcement, withdrawal of location consent updates a database record. The withdrawal signal is not bound to the inference layer. Tracking continues until a manual process propagates the change. With QODIQA, consent withdrawal is immediately effective at the execution boundary. Withdrawn consent renders execution technically impossible — no propagation delay, no race condition, no exposure window between withdrawal and enforcement.

Existing Frameworks Do Not Operate at the Execution Boundary

No existing framework operates at the execution boundary. The gap is not resolved by stricter policy. It requires an enforcement layer at the point of execution. The technical absence is not a gap in regulation. It is a gap in architecture. At scale, uncontrolled inference becomes systemic legal exposure.

GDPR: Consent obligations defined. No runtime enforcement mechanism required. Compliance is verified by audit, not by execution control.
EU AI Act: Risk classification and documentation mandated. No enforcement at the inference boundary. Operates at organisational accountability level, not execution control.
NIST AI RMF: Risk categories and governance functions defined. No runtime enforcement specified. Voluntary risk vocabulary, not an execution control model.
ISO/IEC 42001: Management system requirements for AI governance. No execution-layer controls specified. Process maturity and documentation, not action-level enforcement.

The enforcement boundary is absent from every existing framework. QODIQA defines and occupies it.

The structural gap cannot be closed by stricter policy or tighter documentation. It requires a deterministic enforcement layer at the point of execution — one that makes consent verifiable before inference proceeds.

Systems That Require Runtime Consent Enforcement

Any system that generates, infers, or routes outputs derived from human data, at any scale, in any domain, requires deterministic consent enforcement at the execution boundary. This is not a capability upgrade. It is a structural prerequisite for verifiable compliance.

Category 01: Large-Scale Inference Platforms. Every inference event on multi-tenant infrastructure constitutes a discrete consent boundary. Enforcement liability cannot be delegated to the application layer or post-hoc audit.
Category 02: Foundation Model Operators. Models trained on human data and deployed at scale carry consent obligations from training through every downstream inference event. Without runtime enforcement, consent integrity cannot be demonstrated at any stage.
Category 03: AI Assistant Systems. Conversational and agentic systems that access, retrieve, or derive personal data on behalf of users require verifiable consent enforcement at every action boundary, not at session initiation alone.
Category 04: Healthcare and Clinical AI. Special category health data access is scope-bound under GDPR Art. 9 and HIPAA. Runtime scope mismatch constitutes a violation regardless of prior documentation or organisational policy.
Category 05: Financial and Risk Systems. Credit, underwriting, and algorithmic scoring decisions require auditable consent chains. Post-hoc reconstruction of consent state does not satisfy the technical burden of proof in regulatory proceedings.
Category 06: Identity and Biometric Infrastructure. Biometric inference carries maximum regulatory exposure across all jurisdictions. Unverified, unscoped, or expired consent at execution constitutes an enforcement failure, not a process deviation.

Core Principles

Six invariants govern deterministic consent enforcement across every action type, consent state, and operational boundary — without exception or ambiguity. No execution proceeds outside verified, scoped consent; no deviation is architecturally possible.

01 · Deterministic Enforcement

Given identical consent state and action request, the enforcer produces identical output. No probabilistic paths. No ambiguity.

02 · Runtime Interception

Consent is verified at the moment of execution, not at ingestion or configuration time. The enforcement point is the action boundary.

03 · Auditable by Construction

Every enforcement decision produces a cryptographically anchored audit record. Evidence is generated, not reconstructed.

04 · Fail-Closed Default

In the absence of verified consent, execution is denied. The safe state is inaction. Uncertainty does not default to permission.

05 · Consent Immutability

A recorded consent state cannot be retroactively altered. Withdrawal is prospective. History is append-only.

06 · Scope Boundedness

Consent granted for one purpose does not extend to another. Every action maps to a declared scope, verified at runtime.
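
The principles above, combined into one decision function with a hash-chained audit log. This is an added illustration, not code from the QODIQA corpus or its reference implementation; the registry layout, the `POLICY` mapping, the `scope:export` and `scope:biometric` values, the `ERROR` state and all timestamps are assumptions constructed for the example.

```python
import hashlib
import json

# Constructed sample data (not from the specification).
POLICY = {"Read Preference Profile": "scope:analytics",
          "Export Contact Graph": "scope:export",
          "Identify Person from Image": "scope:biometric"}
REGISTRY = {
    "User_1103": {"scope": "scope:analytics", "expires_at": 2000, "withdrawn": False},
    "User_0561": {"scope": "scope:analytics", "expires_at": 2000, "withdrawn": False},
    "User_9340": {"scope": "scope:biometric", "expires_at": 2000, "withdrawn": True}}
GENESIS = "0" * 64

def entry_hash(prev, record):
    body = json.dumps(record, sort_keys=True)   # canonical form for hashing
    return hashlib.sha256((prev + body).encode()).hexdigest()

def audit_append(log, record):
    prev = log[-1]["hash"] if log else GENESIS  # commit to the previous entry
    log.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})

def audit_verify(log):
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return False
        prev = e["hash"]
    return True

def enforce(registry, log, identity, action, now):
    """Return (decision, state). `now` is an input, so the result is reproducible."""
    try:
        required = POLICY[action]               # unmapped action raises -> blocked
        consent = registry.get(identity)
        if consent is None:
            state = "NOT FOUND"
        elif consent["withdrawn"]:
            state = "WITHDRAWN"
        elif now >= consent["expires_at"]:
            state = "EXPIRED"
        elif consent["scope"] != required:
            state = "SCOPE MISMATCH"
        else:
            state = "VERIFIED"
    except Exception:                           # registry or policy failure
        state = "ERROR"
    decision = "ALLOWED" if state == "VERIFIED" else "BLOCKED"
    audit_append(log, {"identity": identity, "action": action, "state": state,
                       "decision": decision, "ts": now})
    return decision, state
```

A hash chain on its own only detects in-place edits; truncation or a full rewrite is detectable only if the latest hash is also anchored somewhere the log writer cannot change.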

Without Runtime Enforcement: Four Certainties

Without runtime enforcement, audit, compliance, governance, and accountability operate on unverified assumptions. These are not risks. They are certainties. The system does not fail occasionally. It fails continuously. Every execution without enforcement compounds the exposure.

Condition: Unenforceable
Audit: Reconstructive Only

Compliance investigations reconstruct consent state from records not designed as evidence. Reconstructive audit cannot establish execution-boundary facts, only approximations.

Condition: Unverifiable
Consent: Unverifiable

Consent in a CRM or policy document is a record of intent, not execution. Without cryptographic enforcement binding at runtime, no verification mechanism exists. The gap between declaration and execution is unresolvable.

Condition: Declarative Only
Compliance: Declarative Only

Systems without runtime enforcement can assert compliance, not demonstrate it. Regulatory proceedings require technical evidence of enforcement. Documentation of intent does not satisfy that burden.

Condition: Undetectable
Violations: Undetectable at Runtime

Scope mismatches, expired consent, and withdrawn permissions become violations at the moment of inference. Without boundary enforcement, violations are invisible until post-hoc review. Damage precedes detection.

Complete. Normative. Open.

32 Specification Documents
Structured for verifiability · Designed for auditability · Enforceable at runtime

QODIQA-WP-2026-001: Consent as Infrastructure for Artificial Intelligence. Technical Whitepaper
QODIQA-EB-2026-001: Executive Brief
QODIQA-CORE-2026-001: Core Standard for Deterministic Runtime Consent Enforcement
QODIQA-TND-2026-001: Terminology and Normative Definitions
QODIQA-GEI-2026-001: Global Enforcement Invariants
QODIQA-ARCH-2026-001: Reference Architecture for Deterministic Runtime Consent Enforcement
QODIQA-SBTM-2026-001: System Boundary and Trust Model Specification
QODIQA-FRAMEWORK-2026-003: 68-Point Enforcement Framework
QODIQA-IMPL-2026-001: Implementation Playbook
QODIQA-RIS-2026-001: Reference Implementation Specification. Minimal Deterministic Enforcement Stack
QODIQA-CTSS-2026-001: Conformance Test Suite Specification
QODIQA-CVS-2026-001: Conformance Verification Specification
QODIQA-CERT-2026-001: Certification Framework
QODIQA-AUDIT-2026-001: Audit and Evidence Generation Model
QODIQA-ARP-2026-001: Audit Readiness and Evidence Pack
QODIQA-SEC-2026-001: Security and Cryptographic Profile
QODIQA-FEM-2026-001: Failure Handling and Recovery Specification
QODIQA-FCM-2026-001: Non-Compliance Conditions and Failure Modes
QODIQA-SEC-TM-2026-001: Threat Model and Abuse Case Specification
QODIQA-TM-2026-001: Extended Adversarial Threat Model
QODIQA-INTEROP-CONS-2026-001: Interoperability and Deployment Constraints
QODIQA-RAM-2026-001: Regulatory Alignment Matrix
QODIQA-EIP-2026-001: Economic Impact Analysis
QODIQA-UCD-2026-001: Use Case Dossiers for Runtime Consent Enforcement Deployments
QODIQA-WE-2026-001: Worked Example. End-to-End Scenario
QODIQA-PSL-2026-001: Positioning and Scope Limitation Statement
QODIQA-RISK-2026-001: Residual Risk and Assumption Disclosure Annex
QODIQA-GOV-CH-2026-001: Governance Charter for the QODIQA Standard Corpus
QODIQA-CCL-2026-001: Corpus Change Log and Version History
QODIQA-IDX-2026-001: Master Index and Readers Guide
QODIQA-PSLI-2026-001: Public Specification License
Consent violations at runtime are not contained at runtime. Neither is the liability.