RFC-ATF-12 specifies the Federation, Timeline, and Human Approval (FTHA) Layer of the Agent Trust Fabric — the twelfth RFC in the ATF Open Standard series published by OMNIX QUANTUM LTD. RFC-ATF-12 provides three structural extensions required for production multi-organizational AI governance deployments: Cross-Organizational Governance Receipt (Co-GovrR): A dual-layer PQC-signed governance artifact shared across multiple organizations without relying on any central trusted third party. OMNIX issues the canonical envelope signature (ML-DSA-65) ; each participating organization adds its own detached signature over the contentₕash. Architecture: COGOVRR-INV-001 (envelope immutable), COGOVRR-INV-002 (participant signatures append-only, one per org), COGOVRR-INV-003 (envelope before participant sigs), COGOVRR-INV-004 (disputes append-only), COGOVRR-INV-005 (cross-org independent verification), COGOVRR-INV-006 (contentₕash covers all canonical fields), COGOVRR-INV-007 (verification manifest publicly readable), COGOVRR-INV-008 (governance event reference required). Dispute protocol: append-only, attributable (PQC-signed dispute record), does not invalidate the original Co-GovrR. Public Governance Timeline (PGT): An organization-level hash chain where each governance artifact (PoGC, Co-GovrR, HAR) creates a PGT entry chaining the artifact hash to the previous entry. Hash formula: SHA3-256 (artifactₜype || artifactᵢd || artifactcontentₕash || prevₑntryₕash || orgᵢd || sequenceₙumber || timestamp) — normative and immutable (PGT-INV-007). Every 100 entries (configurable): Merkle checkpoint for O (log N) inclusion proofs. PGT-INV-005: public read without authentication. PGT-INV-002: chain integrity checked on every entry read. Analogous to CTCHC (RFC-ATF-6) at the organization level rather than the session level. Human Approval Receipt (HAR): A PQC-signed governance artifact converting human approval acts into first-class ATF artifacts. Five typed approval acts: MANDATEOVERRIDE (Board-only, max 1 per artifact per window — most restricted), RISKACCEPTANCE, DEPLOYMENTSIGNOFF, EXCEPTION, AUDITATTESTATION. Server-side Role Authorization Matrix enforced by OMNIX platform (HAR-INV-001). MIVP elevation protocol: MANDATEOVERRIDE HAR elevates mandatecertification from UNCERTIFIED to MANDATE-ALIGNED, never to MANDATE-BOUND (HAR-INV-006). Rate limiting: Redis primary + DB fallback, fixed-window per (org, artifact, type, bucket) — HAR-RATE-INV-001. Every HAR creates a PGT entry (HAR-INV-007). Justification required (min 10 chars — HAR-INV-004). Offline verifiable: HAR JSON + platform public key (HAR-INV-008). 24 new invariants are introduced: COGOVRR-INV-001–008 (8), PGT-INV-001–007 (7), HAR-INV-001–008 + HAR-RATE-INV-001 (9). Combined with the 173 invariants of RFC-ATF-1 through RFC-ATF-11, the ATF stack reaches 197 formally specified invariants across 32 protocol families. An implementation complying with RFC-ATF-1 through RFC-ATF-12 is designated ATF-FED-Compliant — the twelfth compliance tier in the ATF stack. Persistence schema: 9 new tables — atfcogovrᵣeceipts · atfcogovrₚarticipants · atfcogovrₛignatures · atfcogovrdisputes · atfₚgtₕeads · atfₚgtₑntries · atfₚgtcheckpoints · atfₕarᵣeceipts · atfₕarᵣateₗimits. All append-only except atfₚgtₕeads (updated to track chain tip). Regulatory alignment: EU AI Act Art. 9 (Co-GovrR = multi-org risk documentation), Art. 12 (PGT = complete tamper-evident governance history), Art. 14 (HAR = cryptographic human oversight record), Art. 72 (PGT public read enables market surveillance without platform access) ; GDPR Art. 22 (HAR AUDITATTESTATION = human review documentation per Art. 22 (2) (b) ) ; MiFID II Art. 16 + 25 (Co-GovrR + HAR for shared financial AI governance) ; eIDAS Regulation 910/2014 (HAR PQC signatures protocol-compatible with eIDAS advanced electronic signatures). Related ADRs: ADR-210 (Co-GovrR), ADR-211 (PGT), ADR-212 (HAR). Adversarial audit: ADR-209–212 audit 103/103 PASS. 219 invariants post-audit (including prior stacks).
Harold Alberto Nunes Rodelo (Fri,) studied this question.