odgs 5.1.0

Open Data Governance Standard — Universal Validation Primitive

Open Data Governance Standard (ODGS)

The Universal Validation Engine for High-Risk Data.

---

[!IMPORTANT] EU AI Act & CEN-CENELEC JTC 25 Candidate Standard (v5.1.0 Update) ODGS has been upgraded to a strict Polymorphic Execution Engine. It seamlessly evaluates your standard operational telemetry while natively ingesting authoritative W3C/JSON-LD legal ontologies (e.g., TNO FLINT) to enforce Administrative Recusal ("Hard Stop") in High-Risk AI pipelines.

---

🚀 What's New in v5.1.0: Complete Semantic Certificates

v5.1.0 upgrades the ODGS audit engine to emit a complete, tamper-evident Semantic Certificate (S-Cert) on every enforcement event.

• Complete S-Cert: rule_id, semantic_hash, verdict, system_id, payload_hash are now top-level fields in every audit entry. No raw payload is ever recorded — only cryptographic hashes.
• LOG_ONLY severity: A new non-blocking verdict mode — records violations without halting the pipeline. Ideal for monitoring-mode rollouts before switching to HARD_STOP.
• Rule lifecycle: effective_from / effective_to on rules — pre-deploy rules ahead of a regulatory go-live date, or sunset expired rules automatically.

---

🏢 Enterprise & Public Sector: EU AI Act Compliance

This open-source package connects your physical data infrastructure to the ODGS validation engine. However, if you are operating a High-Risk AI System and require strict liability indemnification under the EU AI Act (Articles 10 & 12), you need cryptographic provenance.

Metric Provenance offers the commercial Enterprise Infrastructure for ODGS:

• Certified Sovereign Packs: Pre-compiled, cryptographically signed Ed25519 rule bundles for DORA, EU AI Act, and Basel.
• The S-Cert Sovereign Registry: An air-gapped Enterprise Certificate Authority that natively ingests ODGS telemetry to mint immutable, JWS-sealed audit logs.

👉 Discover the Sovereign CA Enterprise Node & Packs

---

1. The Standard: Data Governance Without Compromise

The Open Data Governance Standard (ODGS) resolves the "Definition-Execution Gap" in data pipelines.

"Silence over Error." — The Core Philosophy. If data drifts from its legal, contractual, or internal definition, the pipeline must mathematically halt rather than process an invalid inference.

Semantic Certificate — Every sovereign definition carries a cryptographic fingerprint bound to its issuing authority. The data equivalent of a TLS certificate.

📊 More Screenshots — Compliance Matrix · Sovereign Brake

Sovereign Compliance Matrix — Real-time governance status across 72 business metrics, aligned with EU AI Act Art. 10 & 12.

Sovereign Brake — Live Interceptor — When data does not match its statutory definition, the system refuses to proceed. This is the "Administrative Recusal" principle.

---

2. Quick Start: The Data Engineer Workflow

Stop relying on passive analytics dashboards. Enforce statutory rules directly in your Python transforms.

Install

pip install odgs

Example: Halting a Pipeline in Python/dbt

Inject ODGS directly into your data warehouse transforms, Airflow DAGs, or Databricks PySpark wrappers:

from odgs.executive.interceptor import OdgsInterceptor
from odgs.executive.exceptions import AdministrativeRecusal

engine = OdgsInterceptor()

# The physical payload (e.g., an AI applicant profile or standard telemetry)
payload = {"transaction_value": 150000, "aml_flag": False}

try:
    # Evaluate against your internal checks or mathematically hashed W3C JSON-LD ontologies
    engine.intercept("urn:odgs:sov:eu-ai-act:aml-threshold", payload)
    print("Payload Validated. Proceeding to inference.")
    
except AdministrativeRecusal as e:
    # The pipeline HALTS before an illegal decision is made.
    print(f"HARD STOP EXECUTED: Data Drift Detected. {e}")

---

3. The 5-Plane Semantic Architecture (v5)

ODGS v5 implements a strict 5-Plane topology to guarantee the absolute sovereignty of legislative intent over physical execution pipelines.

graph TD
    subgraph Legislative_Plane ["I. Legislative Plane (Semantic Truth)"]
        FLINT[TNO FLINT / W3C JSON-LD] --> |Semantic Hash| Definition(Statutory Definition)
    end
    
    subgraph Physical_Plane ["II. Physical Plane (ODGS Execution Engine)"]
        Definition -.-> |Cryptographic Tether| Boundary[Execution Boundary]
        Boundary --> Eval{Constraint Evaluation}
        
        Pipeline[IV. Data Pipeline Plane] --> |Payload| Eval
        
        Eval --> |Compliant| Approved[Execution Authorized]
        Eval --> |Data Drift Detected| Recusal[Administrative Recusal]
        
        Approved --> Audit[V. Forensic Audit Plane]
        Recusal --> Audit
        
        Audit --> |Generates| SCert[S-Cert: Immutable JWS Provenance Log]
    end

---

4. Platform Bridges

ODGS bridges connect your existing data governance platform to the Execution Engine, transforming passive data dictionaries into active runtime enforcement.

Bridge	Function	Status
odgs-flint-bridge	Legislative: Ingests TNO FLINT JSON-LD into ODGS schema.
odgs-collibra-bridge	Physical: Collibra Business Glossary integration.
odgs-databricks-bridge	Physical: Databricks Unity Catalog integration.
odgs-snowflake-bridge	Physical: Snowflake Data Dictionary integration.

Want to build a bridge? ODGS is designed to be the enforcement layer for any data governance platform. Open an issue or submit a PR.

---

5. Air-Gapped Execution & Stateless Cryptography (JWKS)

The ODGS Engine operates with Zero Telemetry and does not "phone home". It is designed for strict air-gapped enterprise environments.

To ensure metric authenticity, ODGS implements stateless cryptography using standard Ed25519 JWKS (JSON Web Key Set) public keys. When the Engine loads a Sovereign Pack, it cryptographically verifies the signature against the cached JWKS public key.

---

6. Audit Ledgers: Cryptographic Verifiability & Zero-Knowledge

ODGS outputs an agnostic cryptographic_attestation JSON schema to satisfy EU AI Act Article 12 (Forensic Logging) without exposing third-party data.

• Git-as-Backend: ODGS utilizes a privacy-native logging architecture. Forensic logs are written directly to your private enterprise Git repository. Zero data ever leaves your perimeter.
• The Tri-Partite Hash: The engine generates a cryptographic proof binding the Input Data Hash + Rule Definition Hash + Engine Configuration Hash. Independent auditors and regulatory bodies can mechanically verify the integrity of algorithmic decisions without exposing PII.

---

7. Enterprise Deployment (Kubernetes / Helm)

For organization-wide policy enforcement, Sovereign Nodes can deploy ODGS as an active sidecar container routing mesh traffic.

# Add the Official Metric Provenance Repository
helm repo add metricprovenance https://charts.metricprovenance.com
helm repo update

# Install the Engine
helm install odgs-cluster-agent metricprovenance/odgs-engine \
  --set configuration.namespace="urn:odgs:sov" \
  --set keys.jwks_url="https://platform.metricprovenance.com/.well-known/jwks.json"

To request architectural clearance for your organization's compliance deployment, please consult the Metric Provenance Enterprise Portal.

---

8. Documentation & Contribution

📚 Full Documentation Map → 🎯 Live Demo →

Guide	Description
Migration Guide (v4.0 -> v5.0)	Critical instructions for the Polymorphic Engine upgrade.
Adapter Guide	For Data Engineers connecting ODGS to custom infrastructures.
Audit Ledger Guide	For Big 4 Auditors verifying the Tri-Partite Hash.

---

Support & Community

• Bug Reports & Feature Requests: Please use the GitHub Issues tracker.
• Enterprise Compliance Deployments: For architectural clearance, SLA support, or custom Law Packs, please contact us via the Enterprise Portal.

---

License

Released under the Apache 2.0 License.

• No Vendor Lock-in.
• No Cloud Dependency.
• 100% Data Sovereignty.

---

ODGS | Developed by Metric Provenance | The Hague, NL 🇳🇱