Membership · vendor-neutral coalition

Join the coalition that governs the standard.

The coalition is forming; the founding cohort is closing Q3 2026.

No member owns the standard

OCSS is governed by the organizations that implement it. Joining now means helping write the normative text everyone who comes after builds against. Membership is open to platforms, parental-control and device/OS vendors, infrastructure and DNS operators, regulators (as observers), civil-society bodies, and academic researchers.

At v1.0 ratification, editorial authority transfers from the founding steward (Phosra, one participant of many) to the multi-stakeholder Trust Committee. Participation buys a seat and a vote in the process, not control.

§ 1

What membership gives you

Concrete standing in the process, not a logo placement.

Shape the spec

Submit and vote on rule proposals
Redline normative drafts in the open
RFC-first review process

Early conformance access

Run the suite before public release
Reserve your registry listing
Ahead of general availability

A defined accreditation path

Self-attested Implementer → Certified
A clear route as you mature
Independent verification at the top

Working-group seats

AI Safety: model & guardrail proposals
Privacy: data-minimization rules
Seats open at Member; chairs at Steward

Legislation-mapping access

Per-jurisdiction statute-to-rule mapping
91 laws across 30+ jurisdictions
Served from the signed Trust List registry

Use the mark

Display the OCSS conformance mark
Once you pass the suite + hold a registry entry
Earned, never claimed

Why a parental-control vendor adoptsToday every signal you exchange is a bilateral integration: an age band from a device OS, a consent record from a platform, a tier from a content rater. Five vendors talking to five platforms is twenty-five connectors to build and keep alive (N×M). OCSS collapses that to N+M: you implement one typed contract and one verify step, then interoperate with everyone else who did the same. The Certified mark is the market asset. It tells a parent, a platform, and a regulator that your enforcement was tested against the rule list, not just asserted. Concretely, a standalone parental-control tool ships the Age, Consent, Tier, Block, and Alert capabilities (read an OS age band, gate the tier locally, block "Not For Kids" titles, and surface a parent alert) without re-implementing each statute. Integration is HTTP: a JSON rule object, a signed envelope you verify, and an immutable audit row you emit.

What it costs you after launchThe point of building to the spec instead of to 91 statutes is that you don't re-ship code when a law changes. When a jurisdiction amends a statute, the change lands in the signed legislation feed as a new or updated rule mapping — your enforcement code already matches on the typed category (ai_chatbot_tier_gate, not "NY S9051 §2"), so most statutory churn is a data-feed refresh you pull on a ≤24h cache, not a release. The recurring engineering cost is bounded and predictable: track SemVer on the rule set (minor versions are additive and backward-compatible, and only a major version can break you), and a major version ships with a 90-day public review and an 18-month deprecation window, so you're never forced into an emergency migration. Quarterly public reviews are where you see what's coming. Recertification follows the major-version cadence, not the legislative calendar.

§ 2

Participation tiers

Four tiers of increasing voice and obligation. Fees are illustrative and sustain neutral governance: no member profits from them, and no payment is taken when you apply.

Tier 0 · Observer

Implementer / Observer

Free

Self-attested. Public registry, no third-party check.

Read all working drafts and the full spec
Public mailing-list & working-group-observer access
Quarterly public review attendance
Comment on drafts
Self-attest conformance & claim the "Implementer" mark

Start as an Implementer

Tier 1 · Member

Certified / Member

$2.5k–5k / yr

Independently verifiable. Audited by an approved assessor against the rule list of each claimed capability.

Everything in Implementer / Observer
Submit rule proposals
Vote in the working groups
Conformance suite access (pre-release)
Independent certification → the audited "Certified" mark

Become a Member

Recommended Tier 2 · Steward

Working Group Member / Steward

$15k–25k / yr

A seat at the table where the text is written.

Everything in Certified / Member
A working-group seat & RFC sponsorship rights
Working-group chair eligibility
Priority statute-mapping access
Higher accreditation standing in the Trust List

Apply as a Steward

Tier 3 · Founding · invite-only

Steering Committee / Founding

$75k–100k / yr

The founding cohort, closing Q3 2026.

Everything in Working Group Member / Steward
Trust Committee eligibility: the 9-seat body that ratifies every major version & approves the conformance suite
Charter-cohort recognition as a founding participant
Highest accreditation standing in the Trust List
How the Committee works

Request an invitation

Membership buys a seat and a vote, not ownership. The standard is openly licensed and royalty-free regardless of tier.

Governance is firewalled from accreditationThe Trust Committee does exactly two things: it ratifies each major version and approves the conformance suite. It does not decide who appears on the signed Trust List, and a paid participation tier cannot buy a Trust-List placement. A routing intermediary is listed only after it passes the published suite and an independent audit: the same bar for a Founding member and a non-member. This separation is structural, not a courtesy: it's what lets a regulator trust the registry without auditing the coalition's membership ledger.

How the Committee is composedCivil society is structurally embedded in a 9-seat Trust Committee. 3 of the 9 seats are reserved for named civil-society bodies (for example Common Sense Media, Roost, the EFF, FOSI, and the ACLU), non-removable except for cause. Accreditation decisions run on one organization, one vote, so a large implementer cannot accumulate weight proportional to market share. Every trust-list change carries a 72-hour public notice and comment period. De-accreditation requires a 2/3 Trust Committee vote plus a 30-day cure period. See the Committee charter for quorum and seat rules.

§ 3

Compare the tiers

What each tier unlocks. Read across: voice and obligation both increase left to right.

Benefit	Implementer / Observer	Certified / Member	Working Group / Steward	Steering / Founding
Read working drafts & spec	✓	✓	✓	✓
Comment on drafts	✓	✓	✓	✓
Self-attest ("Implementer" mark)	✓	✓	✓	✓
Submit rule proposals	—	✓	✓	✓
Working-group voting	—	✓	✓	✓
Conformance suite access [draft · Q3 2026]	—	pre-release	✓	✓
Independent certification ("Certified" mark)	—	✓	✓	✓
MUST rotate signing keys ≤180 days (Trust-Listed)	—	✓	✓	✓
MUST emit one immutable audit row per envelope	—	✓	✓	✓
SHOULD pass annual independent audit (SOC 2 Type II)	—	✓	✓	✓
Working-group seat & RFC sponsorship	—	—	✓	✓
Working-group chair eligibility	—	—	✓	✓
Trust Committee eligibility	—	—	—	✓
Annual fee	Free	$2.5k–5k	$15k–25k	$75k–100k (invite)

MUST / SHOULD per RFC 2119. The conformance suite is in active drafting; test vectors and binding criteria (JWE recipient-key targeting, Ed25519 signature validation per RFC 9421, and signed-envelope rejection rules) publish in RFC-draft form alongside the suite (targeted Q3 2026). See Conformance for the full MUST / MUST-NEVER contract.

§ 2

What you actually implement

For the engineer estimating effort: a typed rule, a signed envelope, and a verify-before-enforce step. The same primitives whether you sit at the DNS resolver, the MDM profile, the router, the OS, or inside the app.

1 · A rule is typed JSON

OCSS Rules · ~100 typed categories

Every child-safety obligation is one of ~100 typed categories (e.g. age_gate, os_age_signal_ingest, ai_chatbot_tier_gate, nfk_hard_block). You match on the category, not on the statute it came from. Build to the spec, not to the statute.

Why "~100" and not an exact number. The taxonomy is versioned, so three counts legitimately differ: the implementation tree currently ships 96 categories, the v1.0-DRAFT registry declares 104 (it reserves IDs ahead of code), and 106 appear in the statute-to-rule map (two are aliases that fold into a canonical ID). The declared registry in the spec is canonical: code and mappings converge to it at each ratified version. We say "~100" in prose precisely because the exact integer is a moving, versioned figure, not a marketing round-up.

// one rule, resolved for a given subject + jurisdiction
{
  "rule": "ai_chatbot_tier_gate",
  "capability": "Tier",        // 1 of 8 runtime caps
  "age_band": "13-17",           // derived band, never DOB
  "decision": "warn",            // allow | warn | block
  "jurisdiction": "US-NY",
  "cite": ["NY-S9051"]          // statute provenance
}

2 · It travels in a two-layer signed envelope

OCSS Trust Framework · Ed25519 + JWE

The outer layer carries routing metadata and the sender's Ed25519 signature, visible to the intermediary so it can route. The inner layer is JWE-sealed to the receiver's public key, so the intermediary forwards bytes it cannot read.

{
  "outer": {                  // readable by intermediary
    "to": "did:ocss:resolver-7",
    "alg": "EdDSA",          // RFC 9421, Ed25519
    "sig": "…sender signature…",
    "family_hash": "…"      // domain-sep per receiver
  },
  "inner": "eyJhbGciOiJF…"      // JWE, opaque to intermediary
}

You fetch the receiver's public key from the eIDAS-style signed Trust List (modeled on the EU Trusted List; cached ≤24h), not from a bilateral exchange. The inner JWE is sealed with that key: content-encrypted under A256GCM, key-wrapped to the recipient (ECDH-ES+A256KW against the receiver's published JWK), so the intermediary holds no decryption key by construction. The family_hash it carries is domain-separated per receiver (a keyed hash bound to the destination), so the same household resolves to a different value at every hop and cannot be correlated across intermediaries.

3 · Verify before you enforce

the non-negotiable sequence

Resolve the sender in the signed Trust List. Reject anyone not listed or whose key is past its ≤180-day rotation window.
Verify the Ed25519 signature over the outer layer per RFC 9421. Bad signature → drop, do not enforce.
Decrypt the JWE inner with your own key. Only the addressed receiver can.
Apply the rule (allow, warn, or block) at your enforcement surface. Never downgrade to a weaker rule than the envelope carries.
Emit one immutable audit row per envelope: the OCSS Receipt carries rule ID, age band, jurisdiction, decision, statute cite, signed and timestamped.

DNS resolverMDM profilerouter / CPEOS age signalin-app SDKCDN edge

4 · Conformance & the mark

tested, not asserted

The conformance suite tests your implementation against the rule list of each of the 9 capabilities you claim. Pass it and you may display the mark: Implementer (self-attested, free, public registry) or Certified (audited by an approved assessor, verified registry).

Routing intermediaries carry the binding obligations: MUST validate every sender signature, address to the receiver's public key, emit one immutable audit row per envelope, publish real-time status, rotate signing keys ≤180 days, and pass an annual independent audit (SOC 2 Type II minimum). MUST NEVER decrypt payloads, retain contents past delivery, or correlate routing metadata across families.

The suite is in active drafting. Test vectors, envelope schemas, and signing-protocol fixtures publish in RFC-draft form (targeted Q3 2026). See Conformance for the full MUST / MUST-NEVER contract.

The threat model, stated plainly

Adversarial assumption: no single intermediary is trusted. Federation-grade routing requires ≥3 accredited intermediaries (Trust List status goes Yellow below 3, Red below 2). Intermediaries are treated as honest-but-curious: they route, they do not get to read. Here is what each design choice defends against.

Intermediary tamperingintegrity · non-repudiation

The sender signs the outer layer with Ed25519 over RFC 9421 HTTP Message Signatures. A relay that alters routing metadata invalidates the signature, and the receiver drops it. Signatures are non-repudiable, so the sender can't later disown a decision it signed.

Intermediary reads the payloadconfidentiality

The inner layer is JWE-sealed to the receiver's public key from the Trust List. The intermediary forwards ciphertext it cannot open, so a curious or compromised relay learns routing metadata at most, never the child-safety payload.

Cross-intermediary re-identificationcollusion resistance

The family_hash is domain-separated per receiver via HKDF(salt="ocss:family-hash:v1", ikm=root, info=receiver-DID), so the same family hashes to different values at different intermediaries (see the derivation in §4). Two relays comparing logs cannot stitch a child's activity together without the root secret, which never leaves the issuer. We state the honest bound: this reduces cross-intermediary correlation to the pseudorandomness of HKDF-Expand under RFC 5869 with distinct info labels. It is a construction argument, not yet a published reduction proof, which is exactly the claim we want researchers to attack (see the verification roadmap below).

Replayfreshness · audience binding

The signed outer layer binds the envelope to the addressed receiver via an aud resource indicator (RFC 8707) and carries a signed iat timestamp inside the RFC 9421 signature base, so freshness is covered by the same signature as the routing metadata, and a replay can't strip or backdate it. A captured envelope replayed at a different resolver fails the aud check, and replayed after the acceptance window fails the timestamp check. v1.0 deliberately scopes freshness to audience-binding + signed timestamps. Nonce-cache and the W3C VC / OpenID4VP credential path are explicitly v1.1 (SHOULD today, not a v1.0 MUST).

Stricter-rule downgradeenforcement integrity

A receiver MUST NOT enforce a weaker decision than the envelope carries. A relay can't quietly turn a block into a warn. The signed rule is the floor, and the audit row records what was actually applied.

Key compromiserevocation · rotation

Trust-Listed intermediaries MUST rotate signing keys at least every 180 days. A compromised key is revoked in the signed Trust List, which receivers re-fetch on a ≤24h cache, and envelopes signed by a revoked key stop verifying once the new list propagates.

Mandate creepgovernance, not crypto

The payload carries a derived age band ("13–17"), never a date of birth or identity. Receipts hold no PII. The vendor-neutral governance model (editorial authority transferring to the Trust Committee, no member owning the standard) is what keeps the rule set from drifting into surveillance.

The primitives are standard and citeable, not bespoke: Ed25519 signatures over RFC 9421 HTTP Message Signatures, audience binding per RFC 8707, JWE sealing per RFC 7516, key derivation per RFC 5869 HKDF, and an eIDAS-style signed Trust List modeled on the EU Trusted List. The six-vector model above is the working threat model. There is no third-party audit or formal proof yet, and we don't pretend otherwise.

Verification roadmap. v1.0-DRAFT (now) → adversarial review by academic participants and the open RFC process. Conformance test vectors + the formal envelope JSON Schema publish in RFC-draft form alongside the suite (targeted Q3 2026). A written threat-model document with the HKDF domain-separation reduction and an independent review are targeted before v1.0 ratification. That's the bar for ratification, and it is open work, not a shipped claim. The full primitive set lives in the specification; the conformance contract is in Conformance.

§ 3

How a statute becomes a testable rule

For regulators verifying the verifiability claim: a provision maps to a typed rule, a capability, and an audit decision you can request by ID. OCSS implements these provisions. It does not assert that pending laws are enforced. Members get the per-jurisdiction mapping for all ~91 laws across 30+ jurisdictions, served from the signed Trust List.

Statute provision	OCSS rule	Capability	Audit decision
KOSA §4(b)(2): duty of care, default settings for minors	age_gate	Age	block / gate by band
CA AB 1043: OS-level age signal	os_age_signal_ingest	Age	ingest + propagate band
NY S9051: AI companion / chatbot restriction for minors	ai_chatbot_tier_gate	Tier	warn / block
COPPA 2.0: verifiable parental consent	parental_consent_gate	Consent	block until consent
UK Online Safety Act: illegal-content / CSAM duties	nfk_hard_block · csam_reporting	Block · Receipt	hard block + report
UK AADC: data minimization for children	commercial_data_ban	Privacy	limit / delete
EU DSA: algorithmic transparency for minors	algorithmic_audit	Audit	audit signal

Each row resolves to an OCSS Receipt a regulator can request by ID and verify by recomputing its signature against the issuer's published JWKS, with Trust List authenticity anchored to the Linux Foundation AAIF root key, turning a multi-week subpoena into a roughly 30-second cryptographic query, with no PII exposed. KOSA and CA AB 1043 are pending, and OCSS frames them as implemented, not as enforced law. ESRB, PEGI, and similar rating systems are mapped to, not endorsed.

Coverage at a glance: "is my jurisdiction in scope?"

Jurisdiction group	Laws mapped	Representative statutes
US · State	50	CA AB 1043, NY S9051, NY SAFE for Kids, CA SB 243, Maryland Kids Code, Connecticut SB 3, UT/TX App Store Accountability
US · Federal	9	KOSA, COPPA 2.0 + FTC COPPA, 18 U.S.C. §2258A/B (CSAM reporting), Sammy's Law
EU	9	EU DSA, GDPR Art. 8, EU AADC
UK	2	UK Online Safety Act, UK AADC
APAC	11	Australia Online Safety Act, India DPDPA
Americas (non-US)	5	regional child-data & age-assurance statutes
Middle East & Africa	5	regional child-data & age-assurance statutes

~91 laws across 30+ jurisdictions and 25+ countries, by current status: 54 enacted, 22 proposed, 7 pending, 5 enjoined, 3 passed-not-yet-in-force. Pending statutes (KOSA, CA AB 1043) are implemented, not represented as enforced law. The authoritative per-statute mapping (each provision to its OCSS rule, capability, and current enforcement status) is the member-accessible feed served from the signed Trust List.

§ 4

Who joins

OCSS is deliberately multi-stakeholder. Each participant type brings a distinct accountability to the table.

Platforms

apps · games · social · AI

Services that must enforce safety signals at scale across many markets. They adopt one typed contract instead of re-implementing each jurisdiction's rules by hand.

Parental-control vendors

consumer tools · the adopter

The family-facing apps that turn a parent's policy into action over one typed contract, not one integration per platform. The Certified mark becomes a trust signal you can show parents and app stores.

Device & OS vendors

os-level age signals

Operating systems and device makers that emit OS-level age signals, for example to satisfy CA AB 1043. They act on those signals at the platform layer so apps inherit a trusted age band.

Infrastructure & DNS operators

resolvers · routers · MDM · carriers

Resolvers, routers, MDM fleets, and carriers that route and enforce OCSS envelopes at the network edge. They verify each signed envelope before applying the rule, never reading the sealed payload.

Regulators (observers)

observer seat · no technical vote

Agencies that map statute to rules and rely on testable conformance evidence, the kind of verifiable signal KOSA and CA AB 1043 anticipate. The observer seat grants drafts, reviews, and a comment of record, but no vote on normative text.

Civil-society organizations

implements · does not endorse

Child-safety and rights bodies whose rating systems and frameworks OCSS maps to, such as ESRB, PEGI, and age-appropriate-design codes. OCSS implements but does not endorse (Charter §3.1); a seat keeps each mapping faithful.

Academics & researchers

adversarial review

Security and policy researchers validating the trust model, signal semantics, and verifiability claims under adversarial review. Their findings feed the open RFC process ahead of v1.0 ratification.

§ 5

Membership application

Tell us about your organization. No payment is taken at submission. A coalition coordinator follows up within five business days.

Apply to join

The Membership Working Group reviews submissions against the participant-eligibility criteria in the Charter (§2, v1.0-DRAFT), then matches you to the right tier and working groups.

No payment at submission. A coalition coordinator follows up within five business days. The standard is openly licensed and royalty-free regardless of tier.

Organization *

Contact name *

Work email *

Role / participant type *

Tier interest *

Capabilities implemented (optional)

Message (optional)

By submitting you agree to the coalition participation terms. Submissions are reviewed by the Membership Working Group, and no payment is collected at this step.

The founding cohort is forming.

Participation buys a seat and a vote, not control over the standard. Closing Q3 2026, ahead of v1.0 ratification.

Apply to join Get the Spec

This page is built for implementers and policymakers. Parents and advocates: see what OCSS does for your child across every platform they use.