The model
Stewardship, not control
Concert's governance follows the OpenPeppol AISBL pattern — a non-profit steward with multi-stakeholder representation, transparent decision-making, and clear separation between standard governance and commercial operation.
The critical structural principle: Concert (the steward) and Score (the operator) are legally separate entities. Concert owns the intellectual property and licenses it to commercial operators including Score. This ensures the standard cannot be captured by any single commercial interest, and that alternative operators can emerge.
Governance bodies
Four bodies, separated powers
Network Authority (Concert Foundation)
- Sets technical standards and specifications
- Certifies SIGNET Access Points
- Manages the trust framework and participant registry
- Operates the supplier identity service
- Publishes the SIGNET specification under open licence
- Composition: Independent board with buyer, supplier, technology, academic, and government representatives
- Decision-making: Consensus-seeking with supermajority voting fallback
Standards Committee
- Technical interoperability decisions
- Protocol evolution and version management
- Standards adoption and deprecation
- Testing and certification criteria
- Composition: Technical representatives from member organisations, invited experts, liaison with W3C/OpenPeppol/OASIS
- Decision-making: Technical consensus with reference implementations as proof
Buyer Councils
- Procurement rules and category governance
- Supplier entry criteria and qualification standards
- Event types and evaluation methodologies
- Compliance requirements per jurisdiction
- Composition: Procurement leaders from anchor buying organisations
- Decision-making: Per-SIGNET sovereignty (each buying community sets its own rules within the standard's framework)
AI Governance Board
- Agent safety and ethical deployment standards
- Model oversight and responsible AI requirements
- DLP, Data Governance, and AI Safety control standards
- Use case approval framework
- Composition: AI ethics researchers, procurement domain experts, information security specialists
- Decision-making: Every agent deployment type requires formal board approval with documented controls
Membership
Three tiers of participation
Founding Members
Organisations shaping the standard from inception
Board representation, Standards Committee seat, early access to specifications, logo on concert.foundation, invitation to all governance meetings
Annual contribution, active participation in at least one governance body, commitment to deploy or support at least one SIGNET within 24 months
Members
Organisations adopting or supporting the standard
Standards Committee observer status, access to specifications and implementation guides, member directory listing, community support channels
Annual contribution, compliance with SIGNET certification requirements where operating Access Points
Associates
Researchers, individuals, and smaller organisations
Access to specifications, community channels, event invitations
No financial contribution required; knowledge contribution encouraged
Intellectual property
Open standard, protected marks
The SIGNET specification is published under a royalty-free licence that permits implementation by any party. The IP policy follows the W3C Patent Policy model:
Participants in the Standards Committee grant a royalty-free licence to any essential claims in patents they hold that are necessarily infringed by conforming implementations. This ensures that implementing the SIGNET standard never requires patent licence negotiations.
Concert Foundation holds the SIGNET trademark and certification marks. Use of these marks requires certification that the implementation conforms to the current specification and passes the compliance test suite. This protects the ecosystem from fragmentation while keeping the standard itself open.