Operational Design Domain
Conformance

Autonomy, enforced.

Get Started How It Works

Independent conformance determination. Not a regulator. ODDC does not attest to safety or regulatory compliance.

THE ENFORCEMENT LAYER

ENVELO

Enforced Non-Violable Execution-Limit Override — three-tier enforcement from self-correction to hard halt.

The runtime layer that makes boundaries unbreakable

Every autonomous action is validated against declared limits at runtime. Approach triggers self-correction. Breach forces Minimum Risk Condition. Wall contact halts execution.

01
Non-Bypassable
Every action must pass through ENVELO. No backdoors, no overrides, no exceptions.
02
Tiered Enforcement
Approach triggers self-correction. ODD breach forces Minimum Risk Condition. Wall contact halts execution. Three tiers, zero escape.
03
Real-Time
Validation happens at execution time. No stale checks, no delayed enforcement.
04
Tamper-Evident
Every check is logged with cryptographic signatures. Full audit trail.
Deployed by Sentinel as a runtime interlock on your infrastructure — outbound-only, non-bypassable
SECURITY ARCHITECTURE

Zero Trust, Zero Access

Enterprise security teams ask: "Is this interlock a backdoor?" The answer is architecturally impossible.

01
Zero Listening Ports
Interlock opens no inbound ports. Only outbound HTTPS to api.sentinelauthority.org.
02
Customer Controlled
You deploy, configure, and terminate. We cannot start, stop, or modify remotely.
03
TLS 1.3 + Pinning
All communications encrypted with certificate pinning. Data encrypted at rest.
THE CORE GUARANTEE

Sentinel Authority cannot send commands to your system, execute code on your infrastructure, access your network, or control your autonomous systems.

✕ NO REMOTE COMMANDS ✕ NO CODE EXECUTION ✕ NO NETWORK ACCESS ✕ NO ACTUATOR CONTROL
✓ NO PHI/PII ✓ OFFLINE ENFORCEMENT ✓ SOURCE AUDITABLE ✓ HIPAA/BAA
SECURITY FAQ →
CONFORMANCE CRITERIA

Five Gates

Five gates. All required for conformance.

01
ODD
Formally Specified
Quantitative boundaries
02
STABLE
Proven Behavior
72h within bounds
03
ENVELO
Enforcement Active
Non-bypassable runtime
04
AUDIT
Tamper-Evident
Cryptographic records
05
REVOKE
Drift Protocol
Clear suspension path
CONFORMANCE STATES
● OBSERVE ● BOUNDED ● CONFORMANT ● PAUSED
✓ ODDC ATTESTS
ODD formally specified with boundaries
Stable operation within declared ODD
ENVELO enforcement architecturally present
CAT-72 verification completed
Tamper-evident audit records available
✕ DOES NOT ATTEST
Functional safety of underlying system
Regulatory or legal compliance
Cybersecurity posture or resilience
System performance or accuracy
AI model correctness or fitness
BOUNDARY EXCEEDANCE

Any state, trajectory, or enforcement failure that exceeds attested tolerances — triggers immediate conformance review.

CONFORMANCE PROCEDURE

CAT-72

72 hours of continuous operation within declared boundaries. The diagnostic baseline for autonomous system conformance.

01
Continuous Demo
72-hr sustained operation. Systems self-correct near ODD boundary. ENVELO monitors without intervention.
02
Stress Testing
Edge conditions force ODD breaches. ENVELO intervenes — decelerating operations to Minimum Risk Condition before the wall.
03
Enforcement Proof
Verified tiered response: self-correction near ODD, MRC in enforcement margin, hard halt at ENVELO wall.
VERIFY A CERTIFICATE →
BEYOND COMPLIANCE

Enforcement Produces Intelligence

Every conformance cycle maps where a model operates within its declared boundaries — and where it doesn't.

MAP
Violation Mapping
Surfaces the precise conditions where a model exceeds its declared domain.
TREND
Conformance Trending
Longitudinal data showing behavior evolution across certification cycles.
REPORT
Actionable Findings
Specific, reproducible results — not abstract risk scores.
LOOP
Feedback Cycle
Each audit narrows the gap between declared and actual behavior.

Enforcement and improvement are the same operation.

CONFORMANCE PROCESS

Your Path to Attestation

From application to conformance in 2-4 weeks.

FEE SCHEDULE
Conformance Assessment
Due at application — covers ODD review, CAT-72, certificate issuance
$12,000
Annual Maintenance
Begins at certificate issuance — continuous monitoring, registry, annual review
$12,000
Enterprise
Volume pricing, dedicated support
CONTACT →

How it works: $12,000 assessment fee due at application. Non-refundable — covers ODD review, CAT-72 administration, and certificate issuance. $12,000 annual maintenance begins at certificate issuance.

All fees USD · Base rates · Request quote

Begin Assessment

Questions? Contact us

DOCUMENTATION

Resources

Normative specifications, implementation guides, and the ENVELO Interlock.

ODDC v1.0 — EFFECTIVE JAN 2026 STATUS →
DOCUMENTS
ODDC Overview v1.0 PDF ↓
ENVELO Requirements v1.0 PDF ↓
CAT-72 Procedure v1.0 PDF ↓
Critical Q&A v1.0 PDF ↓
RUNTIME ENFORCEMENT
ENVELO Interlock
The interlock layer that makes execution limits non-violable. Tiered enforcement: self-correction, controlled degradation, hard halt.
NON-BYPASSABLE
TAMPER-EVIDENT
TIERED ENFORCEMENT
ACCESS INTERLOCK → REQUIRED FOR ODDC
INDUSTRY SCENARIOS — 10 VERTICALS →
PUBLIC REGISTRY

Verify

Instant verification. Real-time status. Zero trust required.

SENTINEL REGISTRY
LIVE
Enter a certificate ID from any ODDC mark or certificate document.
PROGRAMMATIC ACCESS
Integrate verification into your systems with our REST API.
GET https://api.sentinelauthority.org/v1/verify/{cert_id}
REQUEST API KEY →
CONNECT

Let's Talk

Ready for conformance? Questions about ODDC? We're here.

GENERAL INQUIRIES
info@sentinelauthority.org
Questions about ODDC, the framework, or how conformance works.
CONFORMANCE ASSESSMENT
conformance@sentinelauthority.org
Start assessment, pricing questions, or enterprise solutions.
APPLY
APP.SENTINELAUTHORITY.ORG →
Create an account and begin your certification application.
TYPICAL RESPONSE < 24 HOURS