# Compliance

AIEP is open. **Open use is always permitted.** Compliance in AIEP is not a mechanism for policing adoption. It exists to preserve trust in the ecosystem when people make claims that others may rely upon.

In practice, compliance focuses on three things:

1. false certification claims  
2. misuse of certification marks or phrases  
3. redistribution of NDA-restricted packs where applicable

## The principle: verify claims, not adoption

The compliance stance is intentionally narrow. If you publish Mirror endpoints, adopt schemas, and build tools on the protocol, that is encouraged. Compliance does not exist to stop you.

Compliance exists to stop dishonest certification claims from poisoning the ecosystem. If “AIEP Certified” is used without verifiable evidence, the phrase becomes meaningless.

## Machine-readable compliance surfaces

The Hub exposes compliance policy and signals as machine-readable files. This allows validators and automated checks to behave consistently.

`/.well-known/aiep/compliance/policy.json`  
`/.well-known/aiep/compliance/signals.json`

## What happens if a concern is raised

A proper compliance assessment should be evidence-based. A notice should include timestamps, retrieved URLs, and hashes of the relevant artefacts so the observation can be reproduced.

The remediation path should be simple: either remove the false claim, or publish the proof required to support it.
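A notice of the kind described above can be built and re-checked mechanically. The following is an added example, not code from AIEP or the Hub: the field names, the `vendor.example` URL and the page bodies are constructed for illustration and are not an AIEP-defined notice schema.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Field names below are hypothetical, not an AIEP-defined notice schema.
def observe(url, body, retrieved_at):
    """Record where, when (UTC) and the SHA-256 of the exact bytes retrieved."""
    if retrieved_at.tzinfo is None:
        raise ValueError("retrieved_at must be timezone-aware")
    stamp = retrieved_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"url": url, "retrieved_at": stamp,
            "sha256": hashlib.sha256(body).hexdigest(), "length": len(body)}

def build_notice(observations):
    """Bundle observations; digest canonical JSON so the notice can be cited by hash."""
    obs = sorted(observations, key=lambda o: (o["url"], o["retrieved_at"]))
    canonical = json.dumps(obs, sort_keys=True, separators=(",", ":")).encode()
    return {"observations": obs, "notice_sha256": hashlib.sha256(canonical).hexdigest()}

def reproduce(notice, refetched):
    """Re-check each observation against freshly fetched bytes (dict of url -> bytes)."""
    status = {}
    for o in notice["observations"]:
        body = refetched.get(o["url"])
        if body is None:
            status[o["url"]] = "missing"
        elif hmac.compare_digest(hashlib.sha256(body).hexdigest(), o["sha256"]):
            status[o["url"]] = "match"
        else:
            status[o["url"]] = "changed"  # e.g. the claim was removed or edited
    return status

# Constructed sample input: a page carrying the claim, fetched at a fixed time.
CLAIM_URL = "https://vendor.example/about"
CLAIM_BODY = b"<p>Our gateway is AIEP Certified.</p>"
FETCHED_AT = datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    notice = build_notice([observe(CLAIM_URL, CLAIM_BODY, FETCHED_AT)])
    print(json.dumps(notice, indent=2))
    print(reproduce(notice, {CLAIM_URL: CLAIM_BODY}))          # still published
    print(reproduce(notice, {CLAIM_URL: b"<p>Our gateway.</p>"}))  # after remediation
```

Hashing the exact retrieved bytes, rather than a re-serialised or rendered copy, is what lets a second party confirm the observation independently.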
