Skip to content
Tyche Institute

Engagement

Standards bodies

The standards governing cryptographic AI attestation are taking shape across several bodies — formal standards-development organisations and adjacent industry and community fora. This page states what Tyche Institute's engagement with each looks like at the time of writing: observer-level for most formal SDO channels, an individual contribution to the IETF RATS ecosystem, and working-level participation in community and industry groups.

The full account of the four formal SDO channels — CEN-CENELEC JTC 21, ETSI TC ESI, ISO/IEC JTC 1/SC 42, and IETF SCITT — is in §6.3 of the cryptographic-attestation survey (Zenodo 20357731). This page lifts and maintains that status, and adds the related industry and community channels Tyche participates in: the PKI Consortium, the W3C Credentials Community Group, the Decentralized Identity Foundation, and the OpenID Foundation's Digital Credentials Protocols Working Group.

CEN-CENELEC JTC 21

AI Act harmonized standards under Standardisation Request M/593 (and Amendment M/613).

JTC 21 is the European committee delivering harmonized standards for AI Act presumption-of-conformity. Work is organised across five working groups; the most relevant to cryptographic attestation are WG2 (operational aspects, AI risk management systems) and WG3 (trustworthiness).

Posture: observer and prospective contributor via the Estonian national mirror committee at the Estonian Centre for Standardisation and Accreditation (Eesti Standardimis- ja Akrediteerimiskeskus, EVS).

Status: a brief derived from the survey paper and the companion mapping paper is in preparation as a possible input to JTC 21 workstreams on AI System Logging (prEN ISO/IEC 24970) and trustworthiness (WG3). At the time of writing no submission has been made.

ETSI TC ESI

Technical Committee on Electronic Signatures and Trust Infrastructures.

TC ESI maintains the ETSI EN 319 family — the technical backbone for eIDAS trust services — and has announced a trustworthy-AI workstream that sits at the eIDAS / AI Act interface.

Posture: prospective observer via national member channels and through TC ESI's public-comment mechanisms.

Status: expected engagement during the eIDAS 2.0 Implementing Acts comment windows over 2026–2027. No submission yet.

ISO/IEC JTC 1/SC 42

Artificial Intelligence.

SC 42 is the international counterpart to CEN-CENELEC JTC 21 and the upstream source for several harmonized standards being mirrored into the European program.

Posture: prospective observer, expected to follow rather than lead the European tracks. Engagement mediated through the same national body (EVS).

IETF SCITT

Supply Chain Integrity, Transparency, and Trust Working Group.

SCITT is the most relevant cryptographic-transparency forum for the patterns described in the survey paper. Its transparency-service abstractions overlap with the AAL-2 logging requirements specified by OVERT 1.0.

Posture: individual-reader participation — the mailing list and published drafts — the easiest of the four channels to engage, since no national-mirror plumbing is required.

IETF RATS

Remote ATtestation procedureS Working Group (RFC 9334).

RATS standardises how a Verifier appraises Evidence about a platform. Tyche's contribution sits at the layer above the hardware root of trust: attesting that an AI agent's governance controls actually executed, and composing that application-layer evidence with RATS platform attestation rather than replacing it.

Posture: active individual contributor. Anton Sokolov is subscribed to the RATS Working Group mailing list and engaged with the Veraison open-source verifier community.

Status: individual Internet-Draft draft-sokolov-rats-aep-composition-00, “Composing Application-Layer Action Evidence with Remote Attestation Procedures,” published 25 June 2026. This is an individual submission, not a working-group document; it has not been adopted by the RATS WG. The feasibility check uses an emulated software TPM (swtpm) and demonstrates the composition mechanics, not a hardware guarantee. See the announcement.

PKI Consortium

Industry consortium on PKI operations, certificate transparency, and post-quantum migration.

The PKI Consortium convenes certificate authorities, vendors, and relying parties around operational PKI questions. Its Post-Quantum Cryptography Working Group and the certificate lifecycle and transparency tracks intersect the root-of-trust assumptions that AAL-2 attestation logging inherits from the Web PKI.

Status: Tyche Institute's organisational membership was approved by PKIC on 16 June 2026. We are now listed as a member of the PKI Consortium and participate in bi-weekly meetings and working group discussions.

W3C Credentials Community Group

Verifiable credentials and decentralized identifiers at the W3C.

The Credentials Community Group incubates the verifiable-credential and decentralized-identifier specifications that underpin much of the attestation patterns in the survey — the closest W3C venue to Tyche's subject matter.

Posture: participant. Tyche Institute has joined the group under the W3C Community Contributor License Agreement. Community Group participation is open to anyone and is not W3C Membership; it confers no vote in W3C's formal standards process.

Decentralized Identity Foundation (DIF)

Interoperable specifications for decentralized identity and verifiable credentials.

DIF develops the decentralized-identity and verifiable-credential specifications most directly adjacent to the offline-verifiable attestation artifacts Tyche works on.

Posture: Contributor. Tyche Institute joined DIF as a Contributor organisation in June 2026, which admits the institute to DIF Working Groups under the Contributor agreement.

OpenID Foundation — DCP Working Group

Digital Credentials Protocols: OpenID4VCI, OpenID4VP, HAIP, and SIOPv2.

The Digital Credentials Protocols Working Group develops the issuance and presentation protocols — OpenID4VCI and OpenID4VP — and the High Assurance Interoperability Profile (HAIP) that shape EUDI Wallet interoperability and certification. It is the standards venue closest to Tyche's EUDI wallet and verifiable-presentation research.

Posture: Contributor. Tyche Institute has signed the OpenID Foundation contribution and IPR agreements, which admit participation in the DCP Working Group. This is participation under the contribution agreements, not OpenID Foundation membership.

Status: contribution and IPR agreements signed in July 2026; the Working Group confirmed that signing admits participation. A first interop note to OpenID4VP — a worked, recomputable transaction_data / KB-JWT example the specification could carry, plus one multi-credential question — is filed as OpenID4VP issue #754. It is an interop report and offer; no specification text has been contributed or adopted yet.

What this means

The industry and community groups Tyche has joined are the PKI Consortium (industry consortium), the W3C Credentials Community Group (open participation), the Decentralized Identity Foundation (Contributor), and the OpenID Foundation DCP Working Group (contribution agreements signed; a first OpenID4VP interop note filed). The other channels above are observer-level, named here so a reader can locate them.

Tyche has also made an individual contribution to the IETF RATS ecosystem — a published Internet-Draft (announcement), an individual submission that has not been adopted as a working-group document.

PKI Consortium membership is an industry-consortium affiliation, not an endorsement of Tyche Institute's publications, tools, or positions.

This page is the status; it will be updated when a submission is made or a posture changes. See the Research page for the underlying papers.