0PN Resources

0PN DPTI (Digital Public Transparency Infrastructure)

Safety, Security and Privacy Transformation Infrastructure

Must Be Digitally Open, Internationally Accessible, and free to access

OPN - DPTI Profile for ISO/IEC 27560:2023 Consent Record Information Structure

DCR v1.2 (Digital Consent, consolidated) - 0PN Lab Specs
0PN Lab specifications (ISO/IEC 27560 profile lineage).
0PN Lab Specs

Core DPTI (Glass-boxed Governance) Standards

For Reporting: Conformance and testing

Transparency by Default at internet scale

The Digital Public Transparency Infrastructure is a package of international standard, open, and free to access international instruments. Combining established international standards into a cohesive, interoperable framework that makes transparency operationally viable for controllers and enforceable for regulators.

All components are fit for international purpose, open, and free to access for implementation as DPTI.

The Digital Public Transparency Governance Infrastructure - Glass Box Knowledge Model

Glass - boxed Model

Core DPTI Standards

Convention 108+

Modernized Data Protection Convention of the Council of Europe

Convention 108+ provides the legal foundation for transparency obligations across 55+ jurisdictions.

Key Articles:

  • Article 8.2 — Information to be provided to the data subject
  • Article 11 — Codes of conduct implementation framework
  • Article 5 — Six legal bases for lawful processing

DPTI Implementation: Convention 108+ Transparency Code of Conduct (launching January 28, 2026)

Access: Convention 108+ Full Text

ISO/IEC 29100 Privacy Framework

Transparency as First Principle

ISO/IEC 29100 establishes Transparency as the foundational privacy principle, adopted from the Consent Receipt specification.

Framework Components:

  • Privacy principles and terminology
  • Transparency as baseline requirement
  • Role-based privacy controls
  • Privacy safeguards reference architecture

DPTI Implementation: Transparency by Default (TbD) architecture — controllers disclose identity and processing purpose BEFORE collecting personal data.

Access: Open and Free to Download

Free to Access Statement

Universal Notice Receipt Profile (UNRP)

ISO/IEC 27560-1 defines the record information structure that makes Convention 108+ Article 8.2 machine-readable and operationally enforceable.

Core Specifications in the 0PN Lab:

Controller Identification Record (CIR)

  • Served at /.well-known/notice.txt
  • Machine-readable controller identity and contact
  • Processing purpose and legal basis declaration
  • W3C DPV semantic encoding

Universal Notice Receipt (UNR)

  • Bilateral proof-of-notice exchange
  • Timestamped and cryptographically signed
  • Portable across services and jurisdictions
  • Legal basis encoding (all 6 Convention 108+ Article 5 bases)

Notice Event Log

  • Append-only record of notice and authorization state changes
  • Auditable transparency timeline
  • Tamper-evident cryptographic integrity

DPTI Implementation: ISO/IEC 27560 Universal Notice Receipt Profile for implementing Convention 108+ online

Access: Available through national standards bodies; 0PN Lab implementation guides free for all members

Machine-Readable Legal Semantics

W3C DPV provides standardized, machine-readable vocabulary for expressing privacy and data protection concepts in Controller Identification Records and Notice Receipts.

Integration with DPTI:

  • Purpose taxonomy for CIR disclosure
  • Legal basis representation (mapped to Convention 108+ Article 5)
  • Processing category classification
  • Data subject rights expression
  • Cross-border data flow declarations

DPTI Implementation: DPV encoding in CIR and UNR for semantic interoperability

Access: W3C DPV Specification — Free and open

Kantara ANCR & TPI Conformance and Compliance Report

Transparency Performance Indicators — Regulatory (TPI-R)

Kantara Initiative ANCR (Anchored Notice and Consent Record) and TPI provide conformance assessment and compliance reporting methodology for transparency infrastructure at scale.

TPI-R Methodology:

  • Baseline transparency scoring across services
  • Compliance gap analysis (e.g., Chrome/IAB case studies)
  • Regulatory capacity metrics
  • Automated auditing across thousands of controllers

DPTI Implementation: TPI-R for regulatory reporting; ANCR for high-assurance transparency

Access: Kantara Initiative — Open specifications; 0PN Lab TPI-R tools for members

Extensibility: Standards Integration

The DPTI Stack is designed for extensibility with complementary standards and protocols

W3C Verifiable Credentials (VC) & Decentralized Identifiers (DID)

Portable, Cryptographically Verifiable Transparency Records

W3C VC and DID standards enable portable, self-sovereign transparency infrastructure:

Integration with DPTI:

  • Verifiable Credentials — Issue Notice Receipts as VCs for portability across services and jurisdictions
  • Decentralized Identifiers — Controller and individual identity without centralized registries
  • Selective Disclosure — Privacy-preserving presentation of Notice Receipts
  • Cryptographic Proof — Tamper-evident audit trails

Use Cases:

  • Cross-border Notice Receipt portability
  • Decentralized Controller Registry alternatives
  • Age assurance integration
  • AI governance and role-based containment

Access:

Implementation Status: Extensibility layer under development by 0PN Lab Working Groups

0PN Lab Working Group Initiative

The AuthC Protocol is an open protocol under development by the 0PN Lab Protocol Working Group to extend DPTI with active state signaling and real-time transparency control.

Protocol Design:

  • Authority with Consent — Bilateral authorization with real-time revocation
  • Active State Signaling — Controllers signal current processing state in real-time
  • Permission Management — Granular, purpose-bound data access control
  • Cross-Service Portability — Notice Receipts and authorizations work across controllers

Integration with DPTI:

  • Level 4 TATA implementation (Active State High Assurance)
  • Real-time regulatory auditing
  • Dynamic consent and authorization
  • Privacy-enabling identity infrastructure

Development Status: Open standards development in 0PN Lab Protocol Working Group

Access: Join the Protocol Working Group to participate in AuthC development

  • Free Observer Access — Newsletter and meeting recordings
  • Active Participation — £150/year (founder rate) for voting membership

Join Protocol Working Group →

DPTI Stack Implementation Pathways

Level 1: Self-Assertion (Open Notice Practice)

Free — No registration, certification, or fees required (starting Feb)

Standards:

  • Convention 108+ Article 8.2 compliance
  • ISO/IEC 27560-1 CIR and UNR
  • W3C DPV encoding
  • IETF RFC 8615 (/.well-known/)

What you implement:

  • /.well-known/notice.txt Controller Identification Record
  • Notice Event Log
  • Universal Notice Receipts

View Level 1 implementation guide →

Level 2 -4 (Coming Soon)

Why the DPTI Stack is Different

Open and Free to Access

No proprietary lock-in, no licensing fees

Every component of the DPTI Stack is based on open international standards:

  • Convention 108+ — International treaty
  • ISO/IEC standards — Available through national standards bodies
  • W3C specifications — Free and open
  • Kantara Initiative — Open specifications
  • 0PN Lab protocols — Open development, free to implement

Fit for International Purpose

Designed for cross-border interoperability

The DPTI Stack is built for Convention 108+ jurisdictions (55+ countries) and compatible with:

  • UK GDPR
  • EU GDPR
  • APEC CBPR
  • Canadian PIPEDA
  • Australian Privacy Act

Semantic interoperability via W3C DPV ensures machine-readable compliance across regulatory regimes.

Scaling Regulatory Capacity

From thousands of bespoke policies to automated compliance

Traditional privacy policy enforcement requires manual review of thousands of documents. The DPTI Stack enables:

Automated Discovery:

  • CIRs at /.well-known/notice.txt are machine-discoverable
  • No prior registration required
  • Crawlable by regulatory tools

Automated Auditing:

  • Machine-readable W3C DPV encoding
  • TPI-R compliance scoring
  • Notice Event Logs provide tamper-evident trails

Example: TPI-R methodology assessed Chrome and IAB transparency compliance across thousands of services — impossible with manual policy review.

Get Started with the DPTI Stack

Free Access

Newsletter, observer access, and Level 1 tutorials

  • Convention 108+ Code of Conduct implementation guidance
  • ISO/IEC 27560-1 CIR and UNR templates
  • W3C DPV encoding examples
  • CLI tools for validation

Create free account →

Standards Community

The DPTI Stack is built in collaboration with leading standards bodies:

  • Council of Europe — Convention 108+ legal foundation
  • ISO/IEC JTC 1/SC 27 — Privacy and security standards
  • W3C — Data Privacy Vocabulary, Verifiable Credentials, DIDs
  • IETF — Well-known URI infrastructure (RFC 8615)
  • Kantara Initiative — ANCR and TPI conformance
  • UN/CEFACT — Cross-border transparency and supply chain integration
  • Standards Council of Canada — National standards coordination
  • IEEE Digital Privacy — Technical implementation research
  • MyData — Individual-centric transparency and control

It's not fair or trustworthy, if it's not Transparent First.

Open standards. International interoperability. Regulatory capacity at scale.