
The governance standard for AI-mediated human presence

A Digital Representation of a Real Person (DRRP) is an AI-mediated or digitally generated system replicating or simulating the likeness, voice, or communicative presence of an identifiable natural person. DPIF is a deployment-level governance standard for DRRPs. It defines the controls, assessment logic, and lifecycle governance required to ensure that when a person is represented at scale, their identity, consent, and authority remain intact.

18 total controls across 8 assessment sections
14 Critical Presence Controls — non-compensatory gates
4 Supporting Presence Controls — maturity scored
7 normative instruments in the published suite

Core Definition

Presence Integrity is the condition in which a DRRP remains: faithful to the individual's identity; anchored to accountable authorship; bounded by explicit consent; transparently mediated where required; governed by enforceable containment controls.

— DPIF Control Model v1.1

Seven normative instruments. One coherent standard.

All instruments are published under CC BY 4.0. The White Paper is explanatory; the seven instruments below are normative. Where an instrument and the Control Model address the same topic, the Control Model takes precedence.

DPIF White Paper (Explanatory, entry point; v1.3, 12 March 2026, Public)

Introduces the framework, its rationale, scope, and relationship to adjacent standards. The recommended starting point for new readers. Not normative — the Control Model governs where the two differ.

01 DPIF Control Model (Normative, v1.1, 11 March 2026)
Authoritative control architecture. Defines all 18 controls (14 CPC, 4 SPC), control classifications, failure logic, and the non-compensatory assessment model. Takes precedence over all other instruments where a conflict exists. Includes the IC-1.2 reclassification from SPC to CPC.
02 Control Checklist (Normative, v2.0, 11 March 2026)
The operational assessment instrument. Lists all 18 controls with evidence requirements, fail conditions, and test procedures. The primary document used by assessors conducting DPIF evaluations. Supersedes v1.0 (20 February 2026).
03 Context Risk Classification Annex (Normative, v1.0, 11 March 2026)
Classification criteria, indicators, and decision logic for assigning deployments to Low, Moderate, High, or Regulated context risk tiers. Defines the ceiling rule: ambiguity escalates, it never de-escalates.
04 Deployment Lifecycle Specification (Normative, v1.0, 11 March 2026)
State machine for DRRP deployments. Defines five lifecycle states (Provisioning, Active, Suspended, Revoked, Archived), transition triggers, transition constraints, and certification implications. Revocation is irreversible.
05 Inter-Deployment Conflict Resolution Framework (Normative, v1.0, 11 March 2026)
Precedence rules and resolution procedures for conflicts between multiple deployments of the same principal's DRRP. Defines four conflict types and a five-level precedence order. Suspension is the default when no rule resolves the conflict.
06 Posthumous and Incapacitated Principal Governance (Normative, v1.0, 11 March 2026)
Successor Authority models, Advance Consent Instrument requirements, enhanced disclosure obligations, and sunset provisions. Defines default suspension timelines: death (14 days), permanent incapacity (30 days), temporary incapacity (180 days).
07 Scoring Rubric (Normative, v1.0, 11 March 2026)
SPC maturity scoring methodology and certification tier logic. Applied only after all 14 CPCs are Met. Defines four maturity levels (Initial → Optimised) and three certification tiers (Foundational, Standard, Extended) by composite score.

Seven control categories. 18 controls across 8 sections.

DPIF is organised at three levels. The five governance principles define what presence integrity requires. The seven control categories translate those principles into operational domains. The eight assessment sections map to those categories, with Scope Boundary (BOUND-0.1) assessed as a standalone gate that applies across all deployments. These levels are related but distinct — a single assessment covers all eight sections and all 18 controls.

Each category addresses a distinct failure domain. Controls are not independent rules — they interlock. A failure in Identity may cascade through Authority, Consent, and Containment. The categories define where risks concentrate; the controls specify what evidence is required to demonstrate governance.

01 Identity Controls. Failure mode: Synthetic drift or impersonation
02 Authority Controls. Failure mode: Unbounded speech or policy escalation
03 Consent Controls. Failure mode: Scope creep or consent drift
04 Disclosure Controls. Failure mode: Deceptive immediacy or false attribution
05 Context Risk Controls. Failure mode: Unclassified or misclassified deployment context
06 Semantic Integrity Controls. Failure mode: Semantic distortion through translation, summarisation, or paraphrasing
07 Containment Controls. Failure mode: Irreversible or untraceable misuse

Non-compensatory gates. Maturity-scored supporting controls.

DPIF uses a two-tier control structure. Critical Presence Controls are binary hard gates — no maturity score compensates for failure. Supporting Presence Controls are assessed on a four-level maturity scale and determine certification tier once all CPCs are met.

Critical Presence Controls (14, non-compensatory gates)
Failure of any single CPC results in an immediate overall FAIL. No maturity score, pillar strength, or mitigating factor compensates for CPC non-compliance. Assessment terminates — the Scoring Rubric is not applied.
CPCs: IC-1.1, IC-1.2, AC-2.1, AC-2.2, AC-2.3, CC-3.1, CC-3.2, DC-4.1, CR-5.1, CR-5.2, SI-6.1, CT-7.1, CT-7.2, BOUND-0.1

Supporting Presence Controls (4, maturity-scored)
SPCs are assessed on a four-level maturity scale (Initial, Defined, Managed, Optimised) only after all 14 CPCs are met. Composite score and floor conditions determine certification tier: Foundational (1.0–1.9), Standard (2.0–2.9), or Extended (3.0–4.0).
SPCs: CC-3.3, DC-4.2, SI-6.2, CT-7.3

Pass: All 14 CPCs Met. SPC maturity scoring completed via the Scoring Rubric. Certification tier assigned based on composite score and floor conditions.
Conditional Pass: All 14 CPCs Met. One or more SPCs Unmet or below the required tier floor. A remediation plan with defined timelines is required before certification can be issued.
Fail: Any CPC Unmet. No SPC scoring is conducted and the Scoring Rubric is not applied. CPC failure represents a foundational governance gap that no maturity score can offset.

IC-1.2 (Identity Drift Monitoring) was reclassified from SPC to CPC in Control Model v1.1. Deployments assessed against v1.0 must be reassessed against v1.1 criteria.
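
The gate logic above can be encoded so that a CPC failure stops the assessment before any maturity level is read. This is an added example, not code from the DPIF suite. It assumes the composite score is the arithmetic mean of the four SPC levels and leaves out the per-SPC floor conditions, which this page does not define; the function name and record shape are hypothetical.

```python
# Added illustration of the outcome logic summarised on this page.
CPC_IDS = {"IC-1.1", "IC-1.2", "AC-2.1", "AC-2.2", "AC-2.3", "CC-3.1", "CC-3.2",
           "DC-4.1", "CR-5.1", "CR-5.2", "SI-6.1", "CT-7.1", "CT-7.2", "BOUND-0.1"}
SPC_IDS = {"CC-3.3", "DC-4.2", "SI-6.2", "CT-7.3"}
# Certification tier bands by composite score, as listed on the page.
TIERS = [(3.0, "Extended"), (2.0, "Standard"), (1.0, "Foundational")]


def assess(cpc_met, spc_level, lifecycle_state="Active"):
    """cpc_met: {control id: bool}; spc_level: {control id: 1..4, or None if Unmet}."""
    if lifecycle_state != "Active":
        raise ValueError("only Active deployments are eligible for certification")
    if set(cpc_met) != CPC_IDS or set(spc_level) != SPC_IDS:
        raise ValueError("assessment record must cover all 18 controls exactly")
    failed = sorted(c for c, met in cpc_met.items() if not met)
    if failed:
        # Non-compensatory gate: stop here, SPC levels are never read.
        return {"outcome": "Fail", "failed_cpcs": failed,
                "composite": None, "tier": None}
    unmet = sorted(c for c, lvl in spc_level.items() if lvl is None)
    if unmet:
        return {"outcome": "Conditional Pass", "unmet_spcs": unmet,
                "composite": None, "tier": None}
    if any(lvl not in (1, 2, 3, 4) for lvl in spc_level.values()):
        raise ValueError("SPC maturity level must be 1-4 or None")
    # ASSUMPTION: composite = arithmetic mean; Scoring Rubric floors not modelled.
    composite = sum(spc_level.values()) / len(spc_level)
    tier = next(name for floor, name in TIERS if composite >= floor)
    return {"outcome": "Pass", "composite": composite, "tier": tier}
```
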

The deployment is the primary unit of assessment.

DPIF assessments are scoped at three levels. Deployment-level assessment is the primary and definitive form. Only Active deployments are eligible for certification — the lifecycle state at time of assessment must be declared.

Deployment-Level Assessment (Primary; certification eligible)
A specific instance of a DRRP operating within a declared Scope of Use, under a specific Delegated Authority, in a classified context risk tier. The definitive form of DPIF verification. A single DRRP tool may support multiple independent deployments, each separately assessed.

Tool-Level Assessment (Subordinate; supports deployment assessment)
Evaluates the underlying DRRP system against controls that apply at the tool layer — specifically AC-2.2 (Autonomous Escalation Block), AC-2.3 (Output Attribution Traceability), and CT-7.1 (Interaction Logging). Tool assessment is subordinate to and does not substitute for deployment-level assessment.

SPC Maturity Scoring (Post-CPC gate; applied via Scoring Rubric)
Applied only after all 14 CPCs are Met. Four maturity levels (1: Initial → 4: Optimised) scored across four SPCs. The composite score and per-SPC floor conditions determine which of three certification tiers — Foundational, Standard, or Extended — can be awarded.

Four tiers. Escalating control intensity.

Every deployment must be classified against one of four context risk tiers. Classification determines the required control intensity across five dimensions: disclosure, revocation timeframe, governance review cadence, log retention, and identity revalidation. The ceiling rule applies — a deployment's tier is the highest tier indicated by any single indicator. Ambiguity escalates; it never de-escalates.

Regulatory override: deployments in financial services, healthcare, legal, government, or education involving minors are always classified as Regulated, regardless of other indicators.

Low: Controlled, internal, or limited-audience context; narrow communicative scope.
Disclosure: Metadata; Revocation: 72 hours; Review: Annual; Log retention: 6 months

Moderate: Broader context with identifiable but manageable risks; reputational sensitivity.
Disclosure: Visible; Revocation: 24 hours; Review: Semi-annual; Log retention: 12 months

High: Significant harm potential from misrepresentation; broad or public audience; material statements.
Disclosure: Enforced; Revocation: 4 hours; Review: Quarterly; Log retention: 24 months

Regulated: Subject to sector-specific regulation, statutory requirements, or where misrepresentation could cause legal liability, financial harm, or health and safety harm.
Disclosure: Enforced + auditable; Revocation: 1 hour; Review: Monthly; Log retention: Per regulatory req.
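
The ceiling rule and the regulatory override can be checked mechanically before a deployment goes live. The sketch below is an added example, not part of the Context Risk Classification Annex. The indicator names are hypothetical, and it models an ambiguous indicator as a set of candidate tiers that resolves to the highest one.

```python
from enum import IntEnum


class Tier(IntEnum):
    LOW = 1
    MODERATE = 2
    HIGH = 3
    REGULATED = 4


# Control intensity per tier, copied from the tier list on this page.
INTENSITY = {
    Tier.LOW: ("Metadata", "72 hours", "Annual", "6 months"),
    Tier.MODERATE: ("Visible", "24 hours", "Semi-annual", "12 months"),
    Tier.HIGH: ("Enforced", "4 hours", "Quarterly", "24 months"),
    Tier.REGULATED: ("Enforced + auditable", "1 hour", "Monthly", "Per regulatory req."),
}
FIELDS = ("disclosure", "revocation", "review", "log_retention")
# Sectors the page names for the regulatory override (education only with minors).
OVERRIDE_SECTORS = {"financial services", "healthcare", "legal", "government"}


def classify(indicators, sector=None, involves_minors=False):
    """indicators: {name: Tier, or a set of Tiers when the reading is ambiguous}."""
    sector = (sector or "").strip().lower()
    if sector in OVERRIDE_SECTORS or (sector == "education" and involves_minors):
        return Tier.REGULATED, "regulatory override"
    if not indicators:
        # An unclassified deployment context is itself a listed failure mode.
        raise ValueError("unclassified deployment: no indicators assessed")
    resolved = {}
    for name, reading in indicators.items():
        candidates = {reading} if isinstance(reading, Tier) else set(reading)
        resolved[name] = max(candidates)  # ambiguity escalates, never de-escalates
    tier = max(resolved.values())  # ceiling rule: highest single indicator wins
    drivers = sorted(n for n, t in resolved.items() if t == tier)
    return tier, "ceiling rule: " + ", ".join(drivers)


def requirements(tier):
    """Required control intensity for a tier, keyed by dimension."""
    return dict(zip(FIELDS, INTENSITY[tier]))
```

Returning the driving indicators alongside the tier gives the assessor a record of why the deployment landed where it did.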

Current published suite

The table below shows the current version of each instrument, its release date, and normative status. All instruments are available under CC BY 4.0 from the GitHub repository.

Document | Version | Date | Status
DPIF White Paper | v1.3 | 12 Mar 2026 | Public (explanatory)
Control Model | v1.1 | 11 Mar 2026 | Normative
Control Checklist | v2.0 | 11 Mar 2026 | Normative
Context Risk Classification Annex | v1.0 | 11 Mar 2026 | Normative
Deployment Lifecycle Specification | v1.0 | 11 Mar 2026 | Normative
Inter-Deployment Conflict Resolution Framework | v1.0 | 11 Mar 2026 | Normative
Posthumous and Incapacitated Principal Governance | v1.0 | 11 Mar 2026 | Normative
Scoring Rubric | v1.0 | 11 Mar 2026 | Normative

Self-Assessment
Assess a deployment against DPIF
Walk through all 18 controls with guided evidence requirements, fail conditions, and test procedures. The Control Checklist (v2.0) is the normative instrument. The self-assessment tool supports structured review before formal assessment.
Consultation
Discuss your governance requirements
For complex deployments, regulated contexts, or organisations evaluating DPIF for enterprise adoption, a consultation with The Presence Authority provides structured guidance on scope definition, control mapping, and assessment preparation.

Version | Date | Affected Documents | Changes
v1.0 | 20 Feb 2026 | Control Model v1.0, Control Checklist v1.0 | Initial normative release. 13 CPCs and 5 SPCs under Control Model v1.0. Deployment introduced as the primary unit of assessment. IC-1.2 classified as SPC at initial release.
v1.1 | 11 Mar 2026 | Control Model v1.1, Control Checklist v2.0, all ancillary instruments v1.0 | IC-1.2 (Identity Drift Monitoring) reclassified from SPC to CPC. Control count corrected to 18 (14 CPC, 4 SPC). Deployment formalised as primary unit of verification. Full ancillary instrument suite published: Context Risk Classification Annex, Deployment Lifecycle Specification, Inter-Deployment Conflict Resolution Framework, Posthumous and Incapacitated Principal Governance, Scoring Rubric. Lifecycle state awareness and expanded assessment record requirements added to Control Checklist.