Autonomous Systems Certification

Independent conformance certification that autonomous systems operate within defined limits — enforced at runtime, verified independently, recorded immutably.

ODDC CONFORMANCE CERTIFICATE CONFORMANT
ODDC v1.0
Certificate of Conformance
CERT ODDC-2025-00847
Meridian Autonomous Systems, Inc.
MAS-Route Optimizer v2.3.1
ISSUED
14 Jan 2025
EXPIRES
14 Jan 2026
CAT-72
PASS
Urban surface roads, ≤45 mph, daylight, low-precipitation. Geofenced to metro area.
SENTINEL AUTHORITY 8f3a2b...e9d1c4

Autonomous systems operate across transportation, finance, robotics, healthcare, and industrial automation without independently verified runtime boundary enforcement.

ODDC defines and attests a discrete category of independent runtime boundary enforcement verification. Historically, this category has not been formalized as a recognized conformance domain.

SCOPE OF CERTIFICATION

Systems Within Scope

ODDC certification applies to systems exhibiting one or more of the following characteristics.

AUTONOMOUS SYSTEM DEFINITION
Decision-Making Without Real-Time Human Approval
System initiates actions based on environmental inputs without requiring contemporaneous human approval for each execution event.
Direct or Indirect Actuator Authority
System controls physical actuators, financial instruments, network resources, or other execution endpoints.
Environmental Input and Execution Authority
System ingests sensor, market, or environmental data and translates it into operational action.
Direct Operational Effect
System outputs directly alter operational state and are not limited to advisory or informational functions.
RUNTIME ENFORCEMENT

ENVELO Interlock

Enforced Non-Violable Execution-Limit Override — a non-bypassable runtime enforcement layer providing three-tier response from self-correction to hard halt. ENVELO is an architecture requirement — operators implement it, Sentinel Authority independently verifies it.

ACTION VERDICT MODEL ENVELO INTERLOCK GATE IDLE EXECUTE MRC HALT AUDIT · 0 CHECKED · 0 PASSED · 0 BLOCKED
01
Non-Bypassable
All autonomous execution events pass through the enforcement layer. The architecture contains no alternative execution pathways that bypass enforcement.
02
Tiered Enforcement
Three enforcement tiers — self-correction, Minimum Risk Condition, and enforced halt. Each response level is architecturally mandatory.
03
Synchronous Validation
Boundary validation occurs synchronously at execution time.
04
Tamper-Evident
Enforcement telemetry is recorded in a tamper-evident, cryptographically linked audit chain. Any gap, reorder, or modification breaks the chain and is flagged.
05
Standardized Boundary Event Determination
The ENVELO enforcement layer records boundary enforcement events pursuant to telemetry definitions established under the ODDC specification. Boundary exceedance conditions, enforcement activations, and drift indicators are determined and categorized by the enforcement architecture and are not operator-configurable. Telemetry integrity is verified with the operator prior to initiation of the CAT-72 verification period.
DECISION AUTHORITY AND EXECUTION CONSTRAINT
Sentinel Authority does not influence model logic, decision-making processes, or operational parameter selection. Operators define system behavior, enforcement thresholds, and operational design domains (ODD). The Pre-CAT-72 Audit Control Review does not prescribe operational parameters — it verifies that operator-declared ODD boundaries are sufficiently specified and that the ENVELO Interlock is correctly configured to enforce them. Operators retain full authority over what those boundaries are.
The ENVELO Interlock operates exclusively at the execution boundary. It enforces operator-declared limits by preventing actions outside declared operational parameters. It does not modify behavior, influence strategy, or override operator-defined fail-safe mechanisms within the declared ODD.
Decision authority remains solely with the operator. Boundary enforcement integrity is independently verified pursuant to the ODDC standard.
Enforcement is continuous. The ENVELO Interlock operates at all times on the operator's infrastructure — not only during CAT-72 assessment periods. Between conformance determinations, the interlock continues to enforce boundaries, log telemetry, and trigger PAUSED state on drift detection. The tamper-evident record covers the full inter-period interval. Sentinel Authority does not monitor live telemetry — the interlock enforces independently, and SA periodically verifies that enforcement was maintained.
Removal or disablement of the ENVELO Interlock automatically invalidates the associated ODDC certificate.
SECURITY ARCHITECTURE

Access Isolation Model

The interlock introduces no inbound access paths and no remote execution capability.

REQUEST TELEMETRY MODEL ENVELO SENTINEL AUTHORITY REGISTRY
01
ODD
Established
Operator-declared operational boundaries
02
SUSTAINED ENFORCEMENT VERIFICATION
Enforcement Verified
Minimum 72 cumulative hours of enforced operational exposure
03
ENVELO INTERLOCK
Enforcement Active
Non-bypassable runtime
04
AUDIT
Tamper-Evident
Cryptographic records
05
DRIFT DETECTION AND REVOCATION PROTOCOL
Drift Protocol
Clear suspension path
Gate 01
ODD Established
Operator-declared operational boundaries
Gate 02
Sustained Enforcement Verification
Minimum 72 cumulative hours of enforced operational exposure
Gate 03
ENVELO Interlock
Non-bypassable runtime enforcement active
Gate 04
Audit
Cryptographic, tamper-evident records
Gate 05
Drift Detection & Revocation Protocol
Clear suspension path
CONFORMANCE STATES
● LEARNING ● BOUNDED ● CONFORMANT ● PAUSED
ODDC ATTESTS TO
ODD defined with quantitative boundaries
Stable operation within defined ODD
ENVELO enforcement architecturally present
CAT-72 verification completed
Tamper-evident audit records available
ODDC DOES NOT ATTEST TO
Functional safety of underlying system
Regulatory or legal compliance
Cybersecurity posture or resilience
System performance or accuracy
AI model correctness or fitness
BOUNDARY EXCEEDANCE

Any system state or enforcement failure exceeding attested tolerances constitutes a boundary exceedance and initiates conformance review pursuant to established protocol.

CONFORMANCE PROCEDURE

CAT-72

Cumulative enforcement verification of runtime boundary integrity across representative operational exposure within the declared Operational Design Domain (ODD).

INTERLOCK 0h ODD BOUNDARY 12h 24h 36h 48h 60h 03h 4% OF 72H MINIMUM · ENFORCEMENT EXPOSURE
01
Sustained Enforcement Exposure
A minimum of 72 cumulative hours of autonomous operation under active interlock enforcement within the declared ODD. Higher-risk operational domains may require extended verification periods as determined during the Pre-CAT-72 Audit Control Review.
02
Telemetry Integrity Verification
Cryptographic audit chain maintained across all operational intervals. Each enforcement event is hash-chained and timestamped, producing a tamper-evident record of interlock activity throughout the verification period.
03
Pre-CAT-72 Audit Control Review
Before CAT-72 testing is authorized, Sentinel Authority conducts a structured ODDC Audit Control Review — a formal evaluation of ODD boundary definition, ENVELO Interlock enforcement configuration, and telemetry readiness. Systems that do not meet the audit threshold are returned to the applicant with findings. This gate is the primary mechanism by which Sentinel Authority ensures only properly configured systems enter the verification period.
04
Conformance Determination
Upon completion of the cumulative verification period, Sentinel Authority independently reviews telemetry records, validates audit chain integrity, and issues an ODDC conformance determination recorded in the public registry. Review is conducted pursuant to the ODDC specification.
VERIFICATION SCOPE
CAT-72 does not constitute functional safety validation, performance certification, or regulatory approval. It verifies enforcement persistence and telemetry integrity within the declared ODD and does not assess the adequacy or safety of declared limits.
ASSESSMENT PROCEDURE

Conformance Process

The ENVELO Interlock records and enforces system operation within the declared ODD, verifies boundary adherence pursuant to the CAT-72 procedure, and accumulates not less than seventy-two (72) cumulative enforcement hours across active operational intervals.

1 APPLY 3 FIELDS 2 APPROVE PAYMENT 3 DEPLOY ONE COMMAND 4 DISCOVER AUTO-BOUNDARIES 5 CAT-72 72 HOURS CERTIFIED AUTOMATED
FEE SCHEDULE
Conformance Assessment
Due at application — covers Pre-CAT-72 Audit Control Review, CAT-72 enforcement testing, and ODDC certificate issuance.
$15,000
Annual Maintenance
Begins at certificate issuance — continuous ENVELO Interlock enforcement verification, tamper-evident audit record maintenance, annual conformance renewal assessment, and public registry status maintenance.
$12,000
Enterprise
Enterprise arrangements available upon request.
CONTACT →

All fees USD · Base rates · Enterprise inquiries

Submit Application

Questions? Contact us

DATA AND RECORDS

Conformance Data Outputs

Conformance cycles generate structured enforcement data indicating boundary adherence and exceedance conditions across active operational intervals.

01
Boundary Exceedance Conditions
Structured records of conditions under which enforcement actions were triggered during the verification period.
02
Cross-Cycle Enforcement Metrics
Longitudinal enforcement data across certification periods, available for operator review and regulatory submission.
03
Structured Determination Records
Reproducible, cryptographically authenticated enforcement records suitable for regulatory submission and underwriting review.
04
Documented Remediation and Reassessment Pathways
Upon suspension or exceedance, structured remediation and reassessment procedures are defined under the Conformance Agreement.

Conformance may be suspended or revoked upon verified boundary exceedance or enforcement failure.

GOVERNANCE IMPLICATIONS

Implications of Non-Conformance

ODDC provides independently verifiable evidence of runtime boundary enforcement.

01
Procurement Review Efficiency
Independently verifiable enforcement evidence reduces procurement uncertainty and supports structured vendor risk evaluation.
02
Independent Risk Differentiation
Certification provides independently verifiable enforcement evidence for procurement and risk evaluation. Registry records are publicly accessible.
03
Defensible Governance
Auditable evidence of verified, enforceable operational controls for compliance committees.
04
Insurance & Liability
ODDC produces structured, auditable runtime enforcement evidence suitable for autonomous system risk evaluation. Enforcement data supplements vendor self-attestation with independently verifiable records.
FOR ENTERPRISE PROCUREMENT

Evaluation of Runtime Boundary Enforcement

Procurement review of autonomous systems should evaluate whether runtime boundary enforcement is architectural or policy-based, and whether verification is independent. Self-attested enforcement leaves governance risk unmitigated.

Current Evaluation Context
Organizations deploying autonomous systems that make operational decisions require independently verifiable enforcement evidence. Vendor self-assessments describe intentions, not enforcement architecture.
Available Mechanism
ODDC certification independently verifies that an autonomous system has enforceable runtime boundary controls. ODDC certification may be incorporated into procurement evaluation criteria. Certified systems are listed in the public Sentinel registry.
Incorporating ODDC into Procurement Criteria →

Contact us to incorporate ODDC certification into your procurement evaluation criteria.

FOR REGULATORS & GOVERNMENT

Independent Verification of Runtime Boundary Enforcement

Many regulatory frameworks rely on manufacturer self-assessment for autonomous system approval. ODDC provides a mechanism for independent enforcement verification.

Current Evaluation Context
Jurisdictions that approve autonomous systems based on manufacturer self-assessment may lack an independent mechanism to verify that deployed systems operate within declared operational parameters.
Available Mechanism
ODDC provides an independent mechanism for verifying runtime boundary enforcement without displacing existing regulatory frameworks. Specifications are versioned and publicly documented. Revisions follow structured governance review.
Regulatory Integration Documentation →

Regulatory integration documentation available upon request.

THE ENFORCEMENT GAP

Deployment Environment

Autonomous systems are deployed without independently verifiable runtime enforcement. ODDC formalizes that missing category of verification.

PROBLEM
Autonomous systems with actuator authority operate across transportation, finance, healthcare, and industrial automation. Approval mechanisms rely on manufacturer self-attestation. No independent mechanism exists to verify that a deployed system enforces its declared operational boundaries at runtime. This creates a governance gap between declared operational intent and verified enforcement behavior.
MECHANISM
ODDC defines a discrete conformance category: independent verification of runtime boundary enforcement. The standard requires a non-bypassable interlock architecture (ENVELO), a minimum cumulative enforcement verification period (CAT-72), and a tamper-evident audit chain. Conformance determinations are recorded in a public registry. The standard is compatible with existing regulatory frameworks without displacing them.
CERTIFICATION SCOPE

What ODDC Does Not Certify

ODDC certification is limited to runtime boundary enforcement.

EXPLICIT EXCLUSIONS
No Model Evaluation
ODDC does not assess model accuracy, training methodology, or inferencing quality.
No Bias Audit
Fairness, bias detection, and demographic impact analysis are outside ODDC scope.
No Accuracy Validation
ODDC does not assess output correctness, performance quality, or functional adequacy.
No Cybersecurity Certification
Network security, penetration testing, and vulnerability assessments are not part of ODDC conformance.
No Regulatory Approval
Sentinel Authority is an independent conformity assessment body and does not function as a regulatory authority. ODDC certification does not constitute regulatory clearance, licensure, or government endorsement.
STANDARDS & SPECIFICATIONS

Governing Specifications

ODDC and ENVELO normative documents are published in the Sentinel Authority Publications Library.

Normative Documents →
RUNTIME ENFORCEMENT
ENVELO Interlock
Non-bypassable execution-layer enforcement of operator-declared operational boundaries. Normative specification and deployment requirements are published in the Standards Library.
Regulatory Integration Documentation → REQUIRED FOR ODDC
Operational Scenarios →
PUBLIC REGISTRY

Verify

The public registry maintains a record of all active ODDC conformance determinations. Certifications may be verified through the registry by certificate identifier.

SENTINEL REGISTRY
ACTIVE
Enter a certificate ID from any ODDC mark or certificate document.
PROGRAMMATIC ACCESS
Registry verification is available via REST API.
GET https://api.sentinelauthority.org/v1/verify/{cert_id}
API Access Documentation →
CONTACT

Contact Sentinel Authority

Contact Sentinel Authority for conformance inquiries, regulatory integration, or application submission.

GENERAL INQUIRIES
info@sentinelauthority.org
Questions about ODDC, the framework, or how conformance works.
CONFORMANCE ASSESSMENT
conformance@sentinelauthority.org
Conformance assessment inquiries and application submissions.
APPLY
APP.SENTINELAUTHORITY.ORG →
Access the conformance application portal.
Governance

Standards Governance

ODDC is a published conformance standard. Sentinel Authority is an independent conformity assessment body that certifies against that standard — it does not own, control, or define conformance outcomes. The standard and the certifier are structurally distinct.

ODDC specifications are subject to structured governance review. Revisions are versioned, publicly documented, and subject to independent technical review prior to adoption. Governing documents are available in the publications registry.

STANDARD
ODDC — published
conformance specification
CERTIFIER
Sentinel Authority — independent
conformity assessment body
PUBLIC RECORD
All revisions and governing
documents publicly archived
INSTITUTIONAL SAFEGUARDS
AUDITOR INDEPENDENCE
Structural separation between conformance reviewers and business development. Zero financial interest in determination outcomes.
CONFLICT OF INTEREST
No equity, advisory relationship, or revenue-sharing with any applicant or certified operator. Fees are fixed and non-contingent on outcome.
SUSPENSION & APPEALS
Written notification with findings. Defined response period. Independent review of submitted evidence. Final determination recorded in the public registry.
TELEMETRY PROVENANCE
Sentinel Authority verifies enforcement behavior against telemetry as received. The operator bears sole responsibility for sensor accuracy, calibration, and data integrity.
Scope and Mission

Independent conformance supports infrastructure-scale deployment of autonomous systems.

ODDC defines enforceable operational boundaries subject to independent attestation.

Sentinel Authority is an independent conformity assessment body and does not function as a regulatory authority or provide legal advice. Responsibility for system implementation and operation remains solely with system operators.
Sentinel Authority conducts independent conformance determinations and does not design, deploy, or authorize autonomous systems.