-0055AA){kind=icon}
The Sovereign Validation Engine for High-Risk Data.
Important
EU AI Act & CEN-CENELEC JTC 25 Candidate Standard (v6.0.0)
ODGS v6 extends the Polymorphic Execution Engine with six deterministic enhancements:
SOFT_STOP override-able severity, batch evaluation, rule dependency chains (DAG),
webhook event emission, conformance self-checks, and rule versioning with provenance tracking.
All changes are normative-additive β existing v5.x deployments upgrade seamlessly.
| Enhancement | Description |
|---|---|
| SOFT_STOP | Overrideable block β halts the pipeline by default, but authorized callers can supply a cryptographic override_token to proceed. Override is always logged. |
| Batch Evaluation | intercept_batch() evaluates multiple payloads in a single call with fail_fast support. |
| Dependency Chains | Rules declare depends_on URNs. Engine uses Kahn's algorithm for DAG ordering. Failed dependencies cascade. |
| Webhook Events | BLOCKED, SOFT_STOP_OVERRIDE, SOFT_STOP_BLOCKED events dispatched to configured endpoints via odgs.json. |
| Conformance Check | odgs conformance CLI command verifies project meets L1/L2 conformance requirements. |
| Rule Versioning | Rules declare version (semver). Versions tracked in every S-Cert audit for provenance. |
| Temporal Bounds | Rules with effective_from / effective_to are auto-skipped outside their validity window. |
This open-source package connects your physical data infrastructure to the ODGS validation engine. However, if you are operating a High-Risk AI System and require strict liability indemnification under the EU AI Act (Articles 10 & 12), you need cryptographic provenance.
Metric Provenance offers the commercial Enterprise Infrastructure for ODGS:
- Certified Sovereign Packs: Pre-compiled, cryptographically signed Ed25519 rule bundles for DORA, EU AI Act, and Basel.
- The S-Cert Sovereign Registry: An air-gapped Enterprise Certificate Authority that natively ingests ODGS telemetry to mint immutable, JWS-sealed audit logs.
π Discover the Sovereign CA Enterprise Node & Packs
The Open Data Governance Standard (ODGS) resolves the "Definition-Execution Gap" in data pipelines.
"Silence over Error." β The Core Philosophy. If data drifts from its legal, contractual, or internal definition, the pipeline must mathematically halt rather than process an invalid inference.
Semantic Certificate β Every sovereign definition carries a cryptographic fingerprint bound to its issuing authority. The data equivalent of a TLS certificate.
π More Screenshots β Compliance Matrix Β· Sovereign Brake
Sovereign Compliance Matrix β Real-time governance status across 72 business metrics, aligned with EU AI Act Art. 10 & 12.
Sovereign Brake β Live Interceptor β When data does not match its statutory definition, the system refuses to proceed. This is the "Administrative Recusal" principle.
Stop relying on passive analytics dashboards. Enforce statutory rules directly in your Python transforms.
pip install odgs# Standard 5-Plane Topology
odgs init MyProject
# Minimalist Topology (Fast Start for small teams)
odgs init MyProject --tier minimalistInject ODGS directly into your data warehouse transforms, Airflow DAGs, or Databricks PySpark wrappers:
from odgs.executive.interceptor import OdgsInterceptor
from odgs.executive.exceptions import AdministrativeRecusal
engine = OdgsInterceptor()
# The physical payload (e.g., an AI applicant profile or standard telemetry)
payload = {"transaction_value": 150000, "aml_flag": False}
try:
# Evaluate against your internal checks or mathematically hashed W3C JSON-LD ontologies
engine.intercept("urn:odgs:sov:eu-ai-act:aml-threshold", payload)
print("Payload Validated. Proceeding to inference.")
except AdministrativeRecusal as e:
# The pipeline HALTS before an illegal decision is made.
print(f"HARD STOP EXECUTED: Data Drift Detected. {e}")ODGS implements a strict 5-Plane topology to guarantee the absolute sovereignty of legislative intent over physical execution pipelines.
graph TD
subgraph Legislative_Plane ["I. Legislative Plane (Semantic Truth)"]
FLINT[TNO FLINT / W3C JSON-LD] --> |Semantic Hash| Definition(Statutory Definition)
end
subgraph Physical_Plane ["II. Physical Plane (ODGS Execution Engine)"]
Definition -.-> |Cryptographic Tether| Boundary[Execution Boundary]
Boundary --> Eval{Constraint Evaluation}
Pipeline[IV. Data Pipeline Plane] --> |Payload| Eval
Eval --> |Compliant| Approved[Execution Authorized]
Eval --> |Data Drift Detected| Recusal[Administrative Recusal]
Approved --> Audit[V. Forensic Audit Plane]
Recusal --> Audit
Audit --> |Generates| SCert[S-Cert: Immutable JWS Provenance Log]
end
ODGS bridges connect your existing data governance platform to the Execution Engine, transforming passive data dictionaries into active runtime enforcement.
| Bridge | Function | Status |
|---|---|---|
odgs-llm-bridge |
π€ AI / LLM: Compile regulations into enforceable rules via sovereign LLM. |  |
odgs-flint-bridge |
Legislative: Ingests TNO FLINT JSON-LD into ODGS schema. |  |
odgs-collibra-bridge |
Physical: Collibra Business Glossary integration. |  |
odgs-databricks-bridge |
Physical: Databricks Unity Catalog integration. |  |
odgs-snowflake-bridge |
Physical: Snowflake Data Dictionary integration. |  |
Want to build a bridge? ODGS is designed to be the enforcement layer for any data governance platform. Open an issue or submit a PR.
Tip
Industry First: ODGS is the first open data governance standard with a native LLM bridge that converts regulations into enforceable rules automatically β while keeping all AI output under deterministic schema validation before it enters the execution engine.
The odgs-llm-bridge extends the Sovereign Validation Engine with five AI-powered governance capabilities, designed for teams that need to operationalise regulation at scale without manual rule authoring.
| Capability | What it does |
|---|---|
| Regulatory Compiler | Paste regulation text (EU AI Act, DORA, Basel III) β get validated ODGS rule JSON. |
| Drift Watchdog | Continuously scan legislative definitions for semantic staleness and recommend updates. |
| Conflict Detector | Cross-reference rules from multiple regulatory sources to surface contradictions. |
| Audit Narrator | Convert cryptographic S-Certs into plain-language narratives for stakeholders. |
| Binding Discoverer | Point at a data catalog β auto-generate physical_data_map.json bindings. |
Sovereignty-first provider stack:
Priority 1 β Ollama (gemma4:26b local) # Zero data leaves your perimeter
Priority 2 β Google GenAI (gemini-3.1-flash-lite-preview) # Cloud fallback
Priority 3 β OpenAI-compatible # GPT-NL, Mistral, self-hosted
Priority 4 β LiteLLM # Universal multi-model router
All LLM output passes through a JSON Schema Validation Gate before entering the deterministic engine β probabilistic AI never touches your production pipeline directly.
pip install odgs-llm-bridge[ollama] # sovereign local (recommended)
pip install odgs-llm-bridge[google] # Google GenAI
pip install odgs-llm-bridge[all] # all providers
# Compile a regulation into enforceable rules
odgs-llm compile-regulation --input regulation.txt --output rules.jsonThe ODGS Engine operates with Zero Telemetry and does not "phone home". It is designed for strict air-gapped enterprise environments.
To ensure metric authenticity, ODGS implements stateless cryptography using standard Ed25519 JWKS (JSON Web Key Set) public keys. When the Engine loads a Sovereign Pack, it cryptographically verifies the signature against the cached JWKS public key.
ODGS outputs an agnostic cryptographic_attestation JSON schema to satisfy EU AI Act Article 12 (Forensic Logging) without exposing third-party data.
- Git-as-Backend: ODGS utilizes a privacy-native logging architecture. Forensic logs are written directly to your private enterprise Git repository. Zero data ever leaves your perimeter.
- The Tri-Partite Hash: The engine generates a cryptographic proof binding the Input Data Hash + Rule Definition Hash + Engine Configuration Hash. Independent auditors and regulatory bodies can mechanically verify the integrity of algorithmic decisions without exposing PII.
For organization-wide policy enforcement, Sovereign Nodes can deploy ODGS as an active sidecar container routing mesh traffic.
# Add the Official Metric Provenance Repository
helm repo add metricprovenance https://charts.metricprovenance.com
helm repo update
# Install the Engine
helm install odgs-cluster-agent metricprovenance/odgs-engine \
--set configuration.namespace="urn:odgs:sov" \
--set keys.jwks_url="https://platform.metricprovenance.com/.well-known/jwks.json"To request architectural clearance for your organization's compliance deployment, please consult the Metric Provenance Enterprise Portal.
π Full Documentation Map β π― Live Demo β
| Guide | Description |
|---|---|
| Migration Guide (v5.x β v6.0.0) | Non-breaking Sovereign Engine upgrade β all v5 configs work as-is. |
| Migration Guide (v4.0 β v5.0) | Breaking changes for W3C JSON-LD rule structures. |
| Adapter Guide | For Data Engineers connecting ODGS to custom infrastructures. |
| Audit Ledger Guide | For Big 4 Auditors verifying the Tri-Partite Hash. |
- Bug Reports & Feature Requests: Please use the GitHub Issues tracker.
- Enterprise Compliance Deployments: For architectural clearance, SLA support, or custom Law Packs, please contact us via the Enterprise Portal.
Released under the Apache 2.0 License.
- No Vendor Lock-in.
- No Cloud Dependency.
- 100% Data Sovereignty.
ODGS | Developed by Metric Provenance | The Hague, NL π³π±