ODDC Certification · Sentinel Authority

Operational Boundary Conformance
for Autonomous Systems

ODDC certification attests that an autonomous system operates within declared operational limits, with runtime enforcement verified independently and recorded immutably.

Certified systems are architecturally incapable of exceeding their declared operational domain.

Independent attestation of operational conformance

Apply for Conformance Determination → Verify a Conformance Record →
ODDC Certificate ACTIVE
ODDC-2025-00847
ISSUED 2025-02-13T08:42:17Z
SYSTEM Autonomous Navigation v3.2 OPERATOR Meridian Robotics Inc. ODD Highway, <35mph, Clear Weather ENVELO Interlock v4.2.1 CAT-72 PASSED · 0 violations HASH 8f3a2b...e9d1c4
SENTINEL AUTHORITY · IMMUTABLE REGISTRY

Autonomous systems are already deployed across transportation, finance, robotics, healthcare, and industrial automation.

Independent runtime boundary enforcement verification has not existed.

ODDC establishes it.

Sentinel Authority establishes the category of Autonomous Runtime Conformance Certification (ARCC) — independent verification that autonomous systems are structurally incapable of exceeding declared operational boundaries. Analogous to UL for electrical safety, we verify one thing: that non-bypassable runtime enforcement is architecturally present and independently verified.

SCOPE OF CERTIFICATION

What Qualifies as an Autonomous System

ODDC certification applies to systems exhibiting one or more of the following characteristics. This definition prevents scope creep and regulatory ambiguity.

AUTONOMOUS SYSTEM DEFINITION
Decision-Making Without Real-Time Human Approval
System initiates actions based on environmental inputs without requiring human confirmation per decision cycle.
Direct or Indirect Actuator Authority
System controls physical actuators, financial instruments, network resources, or other execution endpoints.
Environmental Input + Execution Authority
System ingests sensor, market, or environmental data and translates it into operational action.
Operational Impact Beyond Advisory Analytics
System output directly affects operational state — not merely informational or recommendation-based.
THE ENVELO INTERLOCK

ENVELO Interlock

Enforced Non-Violable Execution-Limit Override — a non-bypassable runtime enforcement layer providing three-tier response from self-correction to hard halt.

ENVELO INTERLOCK · RUNTIME
MODELAction request
VALIDATEBoundary check
VERDICTEnforce
APPROACHSelf-correction near ODD boundary
BREACHMinimum Risk Condition activated
WALLHard halt — execution terminated
NON-BYPASSABLE · TAMPER-EVIDENT

The runtime layer that makes boundaries unbreakable

Every autonomous action is validated against operational limits at runtime — Approach triggers self-correction. Breach forces Minimum Risk Condition. Wall contact halts execution.

01
Non-Bypassable
Every action must pass through ENVELO. No backdoors, no overrides, no exceptions.
02
Tiered Enforcement
Three enforcement tiers with zero escape paths. Each response level is architecturally mandatory — not policy-configurable.
03
Real-Time
Validation happens at execution time. No stale checks, no delayed enforcement.
04
Tamper-Evident
Every check is logged with cryptographic signatures. Full audit trail.
Deployed on your infrastructure as a runtime interlock — outbound-only, non-bypassable
SECURITY ARCHITECTURE

Zero Trust, Zero Access

Enterprise security teams ask: "Is this interlock a backdoor?" The answer is architecturally impossible.

SECURITY · ZERO TRUST
SYSTEM
OUTBOUND
INTERLOCKENVELO
TLS 1.3
REGISTRY
NO COMMANDS
NO EXECUTION
NO ACCESS
NO CONTROL
NO PHI/PII
OFFLINE OK
AUDITABLE
NO PHI/PII
01
Zero Listening Ports
Interlock opens no inbound ports. Only outbound HTTPS to api.sentinelauthority.org.
02
Customer Controlled
You deploy, configure, and terminate. We cannot start, stop, or modify remotely.
03
TLS 1.3 + Pinning
All communications encrypted with certificate pinning. Data encrypted at rest.
04
Your ODD Stays Yours
We never touch your source code, model weights, or decision logic. The Interlock transmits only operational telemetry — what your system does, not how it thinks.
THE CORE GUARANTEE

Sentinel Authority cannot send commands to your system, execute code on your infrastructure, access your network, or control your autonomous systems.

✕ NO REMOTE COMMANDS ✕ NO CODE EXECUTION ✕ NO NETWORK ACCESS ✕ NO ACTUATOR CONTROL
✓ NO PHI/PII ✓ OFFLINE ENFORCEMENT ✓ SOURCE AUDITABLE ✓ NO PHI/PII
SECURITY FAQ →
CONFORMANCE CRITERIA

Five Gates

Five gates. All required for conformance.

01
ODD
Established
Operator-declared operational boundaries
02
STABLE
Enforcement Verified
72h enforced operation
03
ENVELO INTERLOCK
Enforcement Active
Non-bypassable runtime
04
AUDIT
Tamper-Evident
Cryptographic records
05
REVOKE
Drift Protocol
Clear suspension path
CONFORMANCE STATES
● LEARNING ● BOUNDED ● CONFORMANT ● PAUSED
✓ ODDC ATTESTS
ODD defined with quantitative boundaries
Stable operation within defined ODD
ENVELO enforcement architecturally present
CAT-72 verification completed
Tamper-evident audit records available
✕ DOES NOT ATTEST
Functional safety of underlying system
Regulatory or legal compliance
Cybersecurity posture or resilience
System performance or accuracy
AI model correctness or fitness
BOUNDARY EXCEEDANCE

Any state, trajectory, or enforcement failure that exceeds attested tolerances — triggers immediate conformance review.

CONFORMANCE PROCEDURE

CAT-72

CAT-72 is Sentinel Authority’s structured conformance procedure for runtime boundary verification under continuous operational conditions. 72 hours of sustained bounded operation, independently observed and cryptographically recorded.

CAT-72 · BOUNDARY ENFORCEMENT
ENVELO WALL
MRC BOUNDARY
SELF-CORRECT
ODD
Within ODD
Near boundary
Enforcement
01
Continuous Demo
72-hr sustained operation. The Interlock observes declared operational boundaries under live telemetry to verify enforceable runtime control.
02
Stress Testing
Stress testing across discovered or specified limits. ENVELO decelerates to Minimum Risk Condition before the wall.
03
Enforcement Proof
Verified tiered response: self-correction near ODD, MRC in enforcement margin, hard halt at ENVELO wall.
VERIFY A CERTIFICATE →
CONFORMANCE PROCESS

Your Path to Attestation

The Interlock observes your system in normal operation, verifies declared boundaries, then enforces them for 72 hours. Your IP stays yours.

CONFORMANCE PATH · 5 GATES
01
APPLY
Submit ODD declaration
02
DEPLOY
ENVELO Interlock installed
03
OBSERVE
Verify declared operational boundaries
04
CAT-72
72-hour continuous enforcement test
05
CERTIFY
Conformance record issued to registry
YOUR IP STAYS YOURS · WE CERTIFY THE PROCESS
FEE SCHEDULE
Conformance Assessment
Due at application — covers ODD review, CAT-72, certificate issuance
$15,000
Annual Maintenance
Begins at certificate issuance — continuous monitoring, registry, annual review
$12,000
Enterprise
Volume pricing, dedicated support
CONTACT →

How it works: $15,000 assessment fee due at application, covering ODD review, CAT-72 administration, and certificate issuance. $12,000 annual maintenance begins at certificate issuance.

All fees USD · Base rates · Request quote

Begin Assessment

Questions? Contact us

BEYOND COMPLIANCE

Enforcement Produces Intelligence

Every conformance cycle maps where a model operates within its defined boundaries — and where it doesn't.

MAP
Violation Mapping
Precise conditions where a model exceeds its domain.
TREND
Conformance Trending
Behavior evolution across certification cycles.
REPORT
Actionable Findings
Specific, reproducible results — not abstract risk scores.
LOOP
Feedback Cycle
Each audit narrows the gap between defined and actual behavior.

Enforcement and improvement are the same operation.

Conformance may be suspended or revoked upon verified boundary exceedance or enforcement failure.

THE BUSINESS CASE

Implications of Non-Conformance

ODDC eliminates the governance proof gap.

01
Accelerate Procurement
Independent proof of runtime boundary enforcement — compressing legal review from months to weeks.
02
Competitive Differentiation
Certified vendors pass risk assessments that uncertified competitors cannot. Runtime enforcement evidence in a public registry.
03
Defensible Governance
Auditable evidence of verified, enforceable operational controls for compliance committees.
04
Insurance & Liability
ODDC produces structured, auditable runtime enforcement evidence suitable for autonomous system risk evaluation. Enforcement data replaces policy claims. Evidence replaces assurance language.
FOR ENTERPRISE PROCUREMENT

Require Verifiable Boundaries

When evaluating autonomous vendors, ask: What structurally prevents boundary violation? Is enforcement architectural or policy-based? Is verification independent? If enforcement is self-attested, governance risk remains.

The Problem
Your organization deploys AI systems that make operational decisions. Vendor self-assessments describe intentions, not enforcement. Your risk teams need proof.
The Standard
ODDC certification independently verifies that an autonomous system has enforceable runtime boundary controls. Require it from your vendors. Certified systems are listed in the public Sentinel registry.
Require ODDC From Your Vendors →

Contact us to incorporate ODDC certification into your procurement evaluation criteria.

FOR REGULATORS & GOVERNMENT

Enforceable Boundaries, Not Voluntary Frameworks

Approving autonomous systems based on self-assessment? Require independent enforcement proof instead.

The Problem
Your jurisdiction approves autonomous systems based on manufacturer self-assessment. You have no independent mechanism to verify deployed systems operate within designed parameters.
The Standard
ODDC provides an independent mechanism for verifying runtime boundary enforcement without displacing existing regulatory frameworks. Specifications are versioned and publicly documented. Revisions follow structured governance review.
Explore Regulatory Integration →

Contact us to discuss how ODDC certification integrates with your existing approval and oversight frameworks.

MARKET CONTEXT

Why Now

The gap between autonomous deployment velocity and governance infrastructure is widening. ODDC closes it.

CONVERGENCE FACTORS
Autonomous Agents Are Scaling Faster Than Oversight
AI systems with actuator authority are deploying across transportation, finance, healthcare, and industrial automation — most without independent enforcement verification.
Procurement Scrutiny Is Rising
Enterprise and government procurement committees increasingly require independent governance evidence — not vendor self-assessment.
Self-Attestation Is Collapsing
High-profile autonomous system failures have exposed the inadequacy of self-reported safety claims. Independent verification is becoming a procurement baseline.
Regulatory Frameworks Lag Deployment
Regulators recognize the gap but lack technical mechanisms for runtime verification. ODDC provides a referenceable standard without requiring new legislation.
Liability Exposure Is Increasing
Organizations deploying autonomous systems without independently verified enforcement are accumulating unquantified governance risk.
CERTIFICATION SCOPE

What ODDC Does Not Certify

Sharp boundaries increase credibility. ODDC certifies runtime boundary enforcement. Nothing else.

EXPLICIT EXCLUSIONS
No Model Evaluation
ODDC does not assess model accuracy, training methodology, or inferencing quality.
No Bias Audit
Fairness, bias detection, and demographic impact analysis are outside ODDC scope.
No Accuracy Validation
ODDC does not verify whether a system produces correct outputs — only that it operates within declared boundaries.
No Cybersecurity Certification
Network security, penetration testing, and vulnerability assessments are not part of ODDC conformance.
No Regulatory Approval
Sentinel Authority is not a regulator. ODDC certification does not constitute regulatory clearance, licensure, or government endorsement.
STANDARDS & SPECIFICATIONS

Technical Foundation

ODDC and ENVELO normative documents are published in the Sentinel Authority Publications Library.

View Publications →
RUNTIME ENFORCEMENT
ENVELO Interlock
Execution-layer enforcement of declared operational boundaries. Every autonomous action passes through a non-bypassable enforcement layer prior to actuator execution. Execution beyond declared limits is structurally prevented.
NON-BYPASSABLE
TAMPER-EVIDENT
TIERED ENFORCEMENT
REQUEST REGULATORY BRIEFING → REQUIRED FOR ODDC
OPERATIONAL SCENARIOS →
PUBLIC REGISTRY

Verify

See who’s certified. Verify any ODDC certification instantly. When your competitors are listed and you’re not, procurement committees notice.

SENTINEL REGISTRY
LIVE
Enter a certificate ID from any ODDC mark or certificate document.
PROGRAMMATIC ACCESS
Integrate verification into your systems with our REST API.
GET https://api.sentinelauthority.org/v1/verify/{cert_id}
REQUEST REGISTRY ACCESS CREDENTIALS →
CONNECT

Contact Sentinel Authority

Ready for conformance? Questions about ODDC? We're here.

GENERAL INQUIRIES
info@sentinelauthority.org
Questions about ODDC, the framework, or how conformance works.
CONFORMANCE ASSESSMENT
conformance@sentinelauthority.org
Start your ODDC certification. Founding Cohort — 2026 intake limited. Inquire for availability.
APPLY
APP.SENTINELAUTHORITY.ORG →
Create an account and begin your certification application.
TYPICAL RESPONSE < 24 HOURS
Governance

Conformance Review Board

Sentinel Authority's conformance standards are developed with input from domain experts across regulation, insurance, autonomous systems engineering, and AI safety.

REGULATORY
Former state & federal
regulatory officials
INSURANCE
Autonomous system
risk & underwriting
AI SAFETY
Machine learning
safety research

Board appointments announced 2026.

The Long View

As autonomous systems become infrastructure, independent conformance becomes foundational.

ODDC establishes enforceable operational boundaries as a verifiable standard — not a voluntary claim.

Sentinel Authority is not a regulator and does not provide legal advice. Responsibility for system implementation and operation remains with system operators.
WE DO NOT BUILD AI SYSTEMS. WE CERTIFY CONFORMANCE.