The Internet Transparency Stack: The Durable Infrastructure for AI Governance
There is a question that the internet, as currently built, cannot answer. Before you identify yourself to a service, and before your data crosses a border, can you determine who is accountable for that processing, for what purpose, and under what authority? Today the answer is no. Accountability is buried in policy URLs, asserted in prose, and unreachable until long after processing is underway. The posture is "trust us," and it is precisely backwards: it makes accountability depend on trust, when trust should depend on accountability.
The Internet Transparency Stack is built to invert that. It is a layered reference architecture for operational transparency, presented to ISO/IEC JTC 1/SC 27 Working Group 5 at the June 2026 plenary as part of PWI 26689. This piece walks the stack layer by layer, traces the standards lineage that produced it, and makes the argument for why a layered transparency stack, open and evidence-based, is the durable infrastructure that AI governance has been missing.
Endorsed by the UN Human Rights Office and the Council of Europe. The UN Human Rights Office (UNHR) and the Convention 108+ Secretariat have endorsed an approach to an Internet Transparency Code of Practice, inviting Working Group 5 to provide the core governance interoperability across borders. The Internet Transparency Stack is the technical architecture beneath that Code.
Read the keynote: Before Identification, Council of Europe, CPDP Brussels, May 2026
The stack, read bottom to top
The architecture has a simple discipline. Authority cascades down: a treaty obligation gives a standard its force; a standard gives a record its meaning. Evidence informs up: a receipt at the bottom becomes the proof a regulator relies on at the top. Each layer makes the layer above it possible.
Layer 1 — Foundation: OECD Cross-Border Guidelines and Convention 108 (1980 to 1981)
The bottom layer is forty-five years old. The OECD Guidelines and the original Convention 108 established, at the dawn of automated data processing, that notice and awareness are required across all instruments. Every layer above inherits this. The stack does not invent transparency as a principle; it operationalizes a principle that has been settled, at the level of international instruments, since before the commercial internet existed.
Layer 2 — Framework: ISO/IEC 29100
ISO/IEC 29100 is the technology-neutral privacy framework, the reference vocabulary of principles that the rest of the technical stack aligns to. It is owned by Working Group 5. It is the layer that lets a record built in one jurisdiction mean the same thing in another, because both reference the same principle set.
Layer 3 — Presentation: ISO/IEC 29184
ISO/IEC 29184 governs online notice and consent controls, how notice is presented to a person at the point of interaction. This is the surface most people have actually seen, the consent moment. PWI 26689 begins from the observation that 29184:2020 provides a strong foundation but now faces recurring interoperability gaps: credential wallets and constrained device interfaces, machine-processable notices for software agents, and multi-jurisdictional enforcement expectations the presentation layer alone cannot satisfy.
Layer 4 — Record: ISO/IEC TS 27560:2023
This is the anchor. TS 27560:2023 specifies the consent record and receipt structure, the data model that turns a consent moment into a durable, structured record. It has been freely available since May 2025, and that openness is not incidental: it is a structural prerequisite, which the argument below develops. The record layer is where a notice stops being a transient screen and becomes evidence.
Layer 5 — Evidence: 27560-x, the Notice Receipt Profile
This is the new layer, and the one PWI 26689 is building. The record at layer 4 says what was agreed; the evidence layer proves it, in a form that is machine-readable and interoperable across jurisdictions, legal bases, and implementations. The Notice Receipt Profile carries proof of disclosure, the controller's authority, and the rights context, the three things a regulator needs and a person should be able to inspect. It is proposed as an open profile, for the same reasons the record beneath it is open.
Layer 6 — Treaty: CETS 225 and Convention 108+
Above the standards sits binding law. Convention 108+ is in force across more than 55 parties; CETS 225, the Council of Europe AI Convention, extends binding obligations into AI governance and is moving through ratification. This is the layer that gives the technical record its enforceable authority. Without it, a receipt is a nice artefact. With it, a receipt is evidence of a treaty obligation met or missed.
Layer 7 — Enforcement: Internet Transparency Code of Practice
At the top, the Internet Transparency Code of Practice translates Convention 108+ obligations into operational requirements for digital services. This is where the abstract obligation, "processing shall be transparent," becomes a thing a controller must actually do and a supervisory authority can actually check. It is under development, and Working Group 5 input is the channel through which the technical layers below it become the operative mechanism for the treaty above it.
The gap, and the work that closes it
Working Group 5 owns the technical core: layers 2 through 5, the framework, the presentation, the record, and the evidence profile. The treaty and the enforcement code sit with the Council of Europe. Between them is the gap that the whole architecture exists to name.
No layer connects the record at layer 4 to the treaty at layer 6. There is no standard that ties controller authority to individual evidence in a way a regulator in any jurisdiction can rely on. The umbrella finding, designated Gap 16A in the Part 2 gap analysis, states it plainly: online privacy modes carry no machine-verifiable rights context. No legal basis, no minimum notice disclosure, no obligations, no derogations, no accountable delegation. A stakeholder cannot determine what rules apply.
Broken down, the gap is five missing authority elements:
- Data access authority — the controller identity should be resolvable before identification is demanded; today it is buried in policy URLs with no standard controller record.
- Processing authority — the legal basis and its constraints should be machine-readable and version-bound; today they are stated in prose, not interoperable, not version-linked.
- Data control and rights — rights routes should be durable, version-linked, and portable across borders; today they are fragmented.
- Reuse and secondary purpose — a subsequent purpose should be explicitly bound at first notice with an audit trail; today purpose bundling is uncontrolled.
- Delegation — an agent acting on a person's behalf should carry an explicit delegation scope and audit trail; today there is no delegation record model, and agents act without an accountable basis.
PWI 26689 closes this gap. The 27560-x Notice Receipt Profile is the connective layer: a machine-readable notice record, a disclosure-evidence model, and a rights-context header, interoperable across jurisdictions and legal bases. The path to enforceability runs through a Working Group 5 to Council of Europe Transparency by Default (TbD) liaison, the formal channel through which the technical standard becomes operative input to the Code of Practice. That liaison is the difference between a standard that may be adopted and a standard that is the operative mechanism for a binding treaty.
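As an added illustration (not code from this page, from PWI 26689 or from TS 27560; the field names are constructed assumptions, not the 27560 schema), the check below applies the five authority elements to a receipt and reports which ones a stakeholder cannot determine, contrasting today's policy-URL posture with a structured, version-bound record:

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed illustrative model; field names are assumptions, not the
# ISO/IEC TS 27560 record or the 27560-x Notice Receipt Profile schema.
@dataclass
class RightsContext:
    controller_id: Optional[str] = None      # data access authority
    legal_basis: Optional[str] = None        # processing authority
    notice_version: Optional[str] = None     # version the legal basis is bound to
    rights_route: Optional[str] = None       # data control and rights (e.g. a rights endpoint)
    purposes_at_notice: List[str] = field(default_factory=list)  # bound at first notice
    purposes_in_use: List[str] = field(default_factory=list)     # what is actually processed
    delegate_scope: Optional[str] = None     # delegation, when an agent acts for the person
    delegate_audit_ref: Optional[str] = None
    policy_url: Optional[str] = None         # prose policy: an assertion, not evidence

AUTHORITY_ELEMENTS = ("data access authority", "processing authority",
                      "data control and rights", "reuse and secondary purpose",
                      "delegation")

def missing_authority(ctx: RightsContext, via_agent: bool = False) -> List[str]:
    """Return the authority elements a stakeholder cannot determine from ctx.
    A policy URL alone satisfies none of them: nothing in it is machine-verifiable."""
    gaps = []
    if not ctx.controller_id:
        gaps.append("data access authority")
    if not (ctx.legal_basis and ctx.notice_version):
        gaps.append("processing authority")
    if not ctx.rights_route:
        gaps.append("data control and rights")
    # Any purpose in use that was not bound at first notice is uncontrolled reuse.
    if any(p not in ctx.purposes_at_notice for p in ctx.purposes_in_use):
        gaps.append("reuse and secondary purpose")
    if via_agent and not (ctx.delegate_scope and ctx.delegate_audit_ref):
        gaps.append("delegation")
    return gaps

def rules_determinable(ctx: RightsContext, via_agent: bool = False) -> bool:
    return not missing_authority(ctx, via_agent)

# Constructed samples: today's policy-URL posture versus a structured receipt.
POLICY_URL_ONLY = RightsContext(policy_url="https://example.invalid/privacy",
                                purposes_in_use=["analytics"])
STRUCTURED = RightsContext(
    controller_id="did:example:controller-123", legal_basis="consent",
    notice_version="2026-06-01", rights_route="https://example.invalid/rights",
    purposes_at_notice=["service", "analytics"], purposes_in_use=["service", "analytics"],
    delegate_scope="read:receipts", delegate_audit_ref="audit-0001")
```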
The standards lineage
The stack is not a fresh invention. It is a lineage, each instrument building on the one before, running unbroken from 1980 to the work in progress now:
OECD Cross-Border Guidelines + Convention 108 (1980 to 1981) → ISO/IEC 29100 → ISO/IEC 29184:2020 → ISO/IEC TS 27560:2023 → 27560-x (PWI 26689) → Convention 108+ and CETS 225 → Internet Transparency Code of Practice
Read as a sentence: a foundational obligation to give notice, refined into a principle framework, made concrete as presentation controls, structured into a durable record, proven by an evidence profile, bound by treaty, and enforced through a code of practice. Each step is a published instrument or active standards work, not a proposal floating free of the system that gives it authority.
This lineage is why the stack is credible to a committee and legible to the public at the same time. It does not ask anyone to adopt a new philosophy. It asks them to connect instruments that already exist, and to build the one connective layer, the evidence profile, that is genuinely missing.
Why the stack must be open
A transparency stack that scales across borders cannot be built on proprietary or paywalled standards. Every actor in the chain, every controller, every relying party, every supervisory authority in every jurisdiction, must be able to read the same specification. Interoperability is not possible when the specification itself is behind a licence fee, because cross-border transparency requires that any authority, anywhere, can inspect the standard without paying for the privilege.
TS 27560:2023 is the model: freely available since May 2025, which is what makes adoption at scale possible. The same logic applies to the evidence profile above it, which is proposed as an open profile. This is also why keeping TS 27560 as a separate, freely available track, distinct from the CD2 process, matters: the open anchor is load-bearing for the entire stack. A standard that is the evidence layer for a binding treaty cannot be one that a regulator must purchase before they can enforce it.
Why layered, evidence-based transparency is the durable infrastructure
The case for the stack is a case against two failure modes.
The first is asserted transparency. A privacy policy is an assertion: it tells you accountability exists somewhere. It is not inspectable at the point of contact, not machine-readable, not bound to evidence. Asserted transparency cannot support an enforcement decision, because there is nothing to verify. The stack replaces assertion with evidence, the receipt, the record, the log, artefacts a regulator can point to and a person can hold.
The second is point solutions. A single clever tool solves one company's problem in one jurisdiction and interoperates with nothing. Governance at internet scale cannot be a thousand bespoke integrations. The stack is layered precisely so that each layer is reusable: a record built to layer 4 is readable by any compliant system at layer 5, portable across the borders governed at layer 6, enforceable through the code at layer 7. Four interoperability dimensions define what the architecture must cover: cross-system (records readable without bespoke integration), cross-border (evidence portable across jurisdictions and rights routes durable across data protection authorities), cross-legal-basis (consent, legitimate interest, and legal obligation all supported by one neutral model), and digital-identity governance (identity assertions and transparency authority governed jointly so trust can scale).
This is the moment the stack is built for. AI systems are training on personal data at scale and making automated decisions with no machine-readable record of what data, under what authority, for what purpose. National digital-identity schemes and wallet ecosystems are deploying with no transparent governance layer over who controls an identity assertion. Digital twins replicate individuals and cities and process sensitive data continuously, with no authority record of what processing is permitted, for how long, with what rights. In every case the deployment is racing ahead of the governance, and in every case the missing piece is the same: a machine-readable authority record. That is the evidence layer. That is what the stack provides.
The question, as the gap report presented to the ISO plenary reveals, is not whether this infrastructure is needed. It is whether the standards community builds it, or leaves the space to be defined by the systems that benefit from there being no record at all.
From architecture to evidence
The architecture is complete on paper. This summer it is being tested in the world. Through the Summer Sessions at the Centre for Social Innovation in Toronto, the live transparency signal runs in the room and real people interact with it directly, under a notice they receive before the session and a receipt they can download as evidence of what was disclosed. The research itself operates under the standard it is testing, which is the design, not a coincidence.
That evidence base feeds the September Council of Europe presentation. The pitch there is not a proposal for a standard. It is a demonstration of the standard working: a live reference implementation, sessions of evidence from people who encountered the stack, and a draft Internet Transparency Code of Practice grounded in what real people need from transparency, not only what compliance requires. The ask is a formal liaison among the Council of Europe, ISO/IEC Working Group 5, and the UN system, focused on an Internet Transparency Code of Practice for cross-border processing, signalling conventions backed by verifiable records, and a shared interoperability profile.
The outcome this stack is built to make possible is digital transparency by default: not prescribed notice without meaning, mandated and resented, but transparency that is the natural, verifiable, enforceable state of the internet, because the infrastructure makes it the path of least resistance. Evidence you can hold, accountability you can inspect, before you are ever asked to identify yourself.
That is the difference between dirty AI and clean AI, drawn at the level of infrastructure. And infrastructure, not assertion, is the only thing durable enough to hold.
Mark Lizar is the founder of Transparency Lab and the project editor for PWI 26689 (Notice and Consent Records) at ISO/IEC JTC 1/SC 27/WG 5, Canada. The Internet Transparency Stack was presented at the WG 5 plenary on 23 June 2026. For the standards lineage, the live artefacts, and the road to the September Council of Europe presentation, follow Transparency Lab.