# Certification Claims

# Certification Claims

Open use of AIEP is always permitted. You may implement Mirror endpoints, publish artefacts, and build products without seeking permission.

What must be protected is truthfulness in claims. AIEP therefore distinguishes between three common phrases:

## “AIEP Compatible”

This means you can read or write AIEP artefacts, or you implement some subset of the protocol. It is a compatibility statement, not a trust statement.

## “AIEP Mirror Enabled”

This means you publish a machine interface under `/.well-known/aiep/` and make artefacts discoverable. It implies that an automated system can retrieve something meaningful from you.

## “AIEP Certified”

This is the strongest claim. It implies a verifiable certificate issued under a policy and anchored in machine-readable metadata.

If you claim certification, you should publish:
- certificate id and URL
- issuer identity and verification material
- a signature and policy reference
- revocation or expiry where applicable

If those fields are missing, the certification claim should be treated as unverified.

Certification exists to prevent the phrase “AIEP Certified” becoming marketing fluff. It protects users and preserves trust in the ecosystem.