The Protocol

Trust, enforced at the action level

Name: EMILIA Protocol
Availability: InStock
Author: EMILIA Protocol

EMILIA Protocol (EP) is an open standard for binding actor identity, authority, policy, and exact action context into a single cryptographic ceremony — before any high-risk action is allowed to proceed.

Most authorization systems verify who is acting. EP verifies whether this specific action should be allowed to proceed right now, given the full context of who is asking, what authority they hold, and what policy governs the decision.

The 5-Endpoint Story

One ceremony, five steps

Every EP ceremony follows the same disciplined flow.

/initiateClient requests a trust ceremony by describing the high-risk action, actor identity, and context.

/evaluateEP engine evaluates the request against bound policy, authority chain, and environmental conditions.

/signoffWhen policy requires human accountability, a named responsible party explicitly assumes ownership.

/executeOne-time ceremony token is consumed. The action proceeds with full cryptographic binding.

/auditImmutable event record links every authorization to its outcome in an append-only trail.

State Machine

Ceremony lifecycle

Each ceremony transitions through a deterministic set of states. No ambiguity, no undefined behavior.

INITIATEDCeremony request received and validated.

EVALUATINGPolicy engine processing bindings and constraints.

PENDING_SIGNOFFAwaiting human accountability signoff.

APPROVEDAll bindings satisfied. One-time token issued.

EXECUTEDToken consumed. Action completed.

DENIEDPolicy evaluation failed. Action blocked.

EXPIREDCeremony token exceeded temporal bounds.

Seven Binding Guarantees

What EP binds, every ceremony

Actor identity. Authority chain. Exact action context. Policy version and hash. Nonce and expiry. One-time consumption. Immutable event traceability. Every ceremony. No exceptions. The eighth property — accountable signoff — applies whenever policy requires named human ownership.

Property_01

Actor identity

Cryptographically verified identity of the entity requesting the action.

verify(entity.keyId)

Property_02

Authority chain

Complete delegation path from root authority to the acting principal.

∀d ∈ D: d(root→actor)

Property_03

Exact action context

The precise operation, target, parameters, and environmental conditions.

bind(action, params)

Property_04

Policy version and hash

Immutable reference to the exact policy version that authorized this action.

pin(policy.sha256)

Property_05

Nonce and expiry

One-time cryptographic nonce and strict temporal bounds on authorization.

N_{t} ≠ N_{t-1}

Property_06

One-time consumption

Each ceremony token is consumed on use — no replay, no reuse, no ambiguity.

consume(token_id, lock)

Property_07

Immutable event traceability

Append-only audit trail linking every authorization to its outcome.

Append(Log, Hash(E))

Property_08

Accountable signoff (extension)

Named human responsibility for the exact action, cryptographically bound to the ceremony.

attest(actor, action)

Read the Full Spec Request Pilot

Protocol Governance

Immutable core, extensible edges

EP Core v1.0 (Trust Receipt, Trust Profile, Trust Decision) is frozen. Changes require a Protocol Improvement Proposal, 90-day review, and major version bump with 24-month deprecation. Extensions are added without touching Core.

PIP-001Core FreezeAccepted

PIP-002HandshakeAccepted

PIP-003Accountable SignoffAccepted

PIP-004EP CommitAccepted

PIP-005Emilia EyeAccepted

PIP-006FederationDraft

Rollout Schematics

Progressive phased deployment

EP rolls out in four phases. Most pilots begin in OBSERVE for 2–4 weeks to generate the “what would have been blocked” report before flipping to enforce.

01

Start with Eye

Observe, shadow, then enforce. Eye runs alongside existing workflows — logging first, flagging without blocking, then enforcing full ceremony when ready.

02

Enforce with Handshake

Policy-bound pre-action trust enforcement. Canonical binding, replay resistance, one-time consumption. Seven properties verified before execution proceeds.

03

Own with Signoff

Named human ownership when policy requires it. Not MFA. Cryptographically bound, action-specific accountability before execution.

04

Seal with Commit

Atomic write to the immutable audit chain. Handshake consumed, signoff consumed, event chain sealed. Execution released. Cannot be undone.

Compliance & Standards

Built for regulated adoption

EP has formal compliance mappings for 38 NIST AI RMF subcategories across all four functions (GOVERN, MAP, MEASURE, MANAGE) and EU AI Act Articles 9–15 + 26. SOC 2 Type II preparation is underway. Every mapping cites specific EP primitives — not aspirational claims.

NIST AI RMF

38 mapped

Across GOVERN, MAP, MEASURE, MANAGE — see docs/compliance/NIST-AI-RMF-MAPPING.md

EU AI Act

Articles 9-15, 26

High-risk AI systems (Title III, Chapter 2) — see docs/compliance/EU-AI-ACT-MAPPING.md

SOC 2 II

Preparing

Auditor selection in progress

Open Protocol

Read the spec. Run the reference implementation. Request a pilot.

EP is Apache 2.0 licensed. The spec, the formal verification, and the reference runtime are all public.

Read the Full Spec Request Pilot →