The standard

SIGNET

Secure Intelligent Governed Network for Exchange and Trade — the open specification for governed procurement networks.

The signet ring was humanity's original authentication protocol — pressed into wax to seal documents, verify identity, and authorise transactions. A SIGNET network is its digital descendant: cryptographic signatures authenticating procurement across a trusted, governed network.

A SIGNET is a buyer-controlled procurement network built on open standards. Within a SIGNET, one or more buying parties set the rules of the network — including supplier entry criteria, event governance, data standards, and agent permissions. SIGNETs are provisioned for government and commercial buyers with information security as a primary design objective.

SIGNET is the first instantiation of the GUILD paradigm: Governed, Unified, Intelligent, Linked, Decentralised networks of agents, human and synthetic. The GUILD paradigm can be applied to any domain requiring multi-party coordination — healthcare data exchange, energy trading, logistics — but SIGNET targets the $13 trillion global procurement market first.

Architecture

The five-layer architecture

Experience Layer

Web applications, agent API interfaces, conversational interfaces (MS Teams, Slack), and chat-based interaction points. Human users and external systems interact with the SIGNET through this layer. The experience layer is presentation-agnostic — the same SIGNET can be accessed through a browser, a mobile app, a chatbot, or a programmatic API.

Agent Layer

Specialised AI agents operating within governed parameters. Agents cover sourcing (RFP generation, scoring, supplier discovery), contracting (analytics, terms extraction, obligation management), analytics (spend, working capital, demand), and security (shadow IT detection, compliance monitoring). All agents are model-agnostic — any frontier LLM can serve as the reasoning component.

Intelligence Layer

Machine learning models, vector databases, knowledge graphs, and analytics engines. This layer provides the cognitive infrastructure that agents draw on: semantic search across procurement knowledge bases, pricing models, natural language processing for contract analysis, and domain-specific embeddings.

Core Services

Identity management (the three-layer identity architecture), the OCDS-aligned data model, workflow orchestration via Pega case management, PEPPOL document exchange, and the rules-as-code engine (OPA/Rego for compliance, DMN for evaluation logic).

Integration Layer

Connectors to ERP systems (SAP S/4HANA, Oracle), CLM platforms (Sirion), spend management (Coupa), risk platforms (Exiger, EcoVadis), and third-party services. Workato serves as the ETL middleware, with SAP CPI and SAP APIM providing SAP-specific connectivity.

The harness layer

The harness engineering paradigm

An emerging insight from the AI infrastructure community: Agent = Model + Harness. The model provides the cognitive component — reasoning, language understanding, generation. The harness provides everything else: runtime, orchestration, tooling, memory, policy, sandboxing, verification, and observability.

Models are converging. GPT-4o, Claude, Gemini, Llama, DeepSeek — the frontier is increasingly interchangeable. LangChain demonstrated empirically that changing only the harness (not the model) improved a coding agent's score from 52.8 to 66.5 on Terminal-Bench.

The $100 billion AI infrastructure opportunity is the harness — the execution layer every model runs through. SIGNET is the procurement harness. Model-agnostic. Tool-agnostic. Organisation-agnostic. Whoever owns the harness controls how intelligence becomes production work.

| Primitive | SIGNET Implementation | Why It Matters |
| --- | --- | --- |
| Prompt & Policy | OPA/Rego rules engine, AI Board governance framework, DLP and AI Safety controls on every LLM endpoint | Agents cannot exceed their mandate. Every action is constrained by machine-readable procurement rules that are simultaneously human-auditable. |
| Durable State | Solid Pods for supplier data sovereignty, BigQuery for analytics, SharePoint knowledge bases, enterprise data lakes | Procurement generates persistent artefacts — contracts, certifications, performance records. The harness manages their lifecycle. |
| Tool Registry / MCP | Workato connectors (1,200+), SAP APIM, Model Context Protocol servers for procurement data sources | Agents access ERP, CLM, risk, and analytics systems through authenticated, rate-limited, permission-bounded tool interfaces. |
| Memory & Context | Vector databases for semantic search, knowledge graphs, OCDS data model for structured procurement data | Domain-specific procurement knowledge persists across sessions and agents. Context compaction ensures relevance. |
| Verification & Observability | Pega audit trails, agent telemetry dashboards, AI Board approval workflows, compliance reporting | Every agent action produces an immutable audit record. Verification loops catch errors before they propagate. |
| Sandboxing | Pega case management with isolated environments per procurement category, entity, or compliance tier | Agents operating on a defence procurement category cannot access commercial data. Isolation is architectural, not policy-based. |
| Runtime & Orchestration | Pega case lifecycle management, Agent Orchestrator, Workato event-driven pipelines | Long-horizon procurement tasks — RFPs running months, contracts spanning years — require durable orchestration, not stateless API calls. |

Design principles

Six principles guiding every SIGNET

Information security as primary objective

Every architectural decision is evaluated through a security lens first. Zero-trust principles govern all interactions. DLP, Data Governance, and AI Safety controls wrap every LLM endpoint. Each agent use case requires formal governance board approval before production deployment.

Buyer sovereignty

One or more buying parties set the rules of the network. Entry criteria, event types, evaluation methodologies, compliance requirements, and agent permissions are all buyer-determined. The buyer is the network governor.

Supplier data sovereignty

Suppliers maintain their own data in Solid Pods — certifications, financials, compliance records. Buyers request time-limited, purpose-bound access. No central data warehouse. The supplier controls who sees what, for how long, and for what purpose.

Rules as code

Procurement rules must be simultaneously human-readable (for category managers and auditors) and machine-executable (for AI agents and compliance checking). Rules are versioned, auditable, and enforced programmatically through OPA/Rego and DMN.

Progressive enhancement

Time-to-first-value in minutes, not months. Level 0 accepts CSV uploads. Level 4 delivers full autonomous agent orchestration. Every level is immediately useful. Adoption follows the Stripe playbook.

Agent-native architecture

Human and synthetic agents are first-class network participants. The architecture supports human buyers alongside AI procurement agents, negotiation agents, compliance agents, and market intelligence agents — all operating within governed parameters with full audit trails.

Interoperability

The open standards stack

| Standard | Role in SIGNET | Status |
| --- | --- | --- |
| PEPPOL BIS 3.0 | Federated document exchange across the four-corner model. Certified SIGNET Access Points route procurement documents to 2.54 million participants in 111 countries. | Mandatory in Belgium (B2B, Jan 2026), expanding under EU ViDA |
| UBL 2.3 | Business document syntax — 91 XML document types spanning orders, invoices, tenders, catalogues, and despatch advice. ISO/IEC 19845. | OASIS standard, ISO endorsed |
| EN 16931 | European e-invoicing standard. Defines the semantic data model that all EU e-invoices must conform to under ViDA. | EU-mandated, cross-border B2B from July 2030 |
| OCDS | Open Contracting Data Standard. JSON-based, 551 data fields covering planning through implementation. Adopted by UK Central Digital Platform. | 50+ governments, G7/G20 endorsed |
| W3C Verifiable Credentials 2.0 | Supplier identity and qualification credentials — cryptographically signed, tamper-proof, selectively disclosable via BBS signatures. | W3C Recommendation |
| W3C Decentralised Identifiers 1.0 | Self-sovereign supplier identifiers anchored to decentralised registries. did:web as the practical method. | W3C Recommendation |
| Model Context Protocol (MCP) | Agent-to-tool connectivity. Launched by Anthropic, now under Linux Foundation governance. Adopted by OpenAI, Google DeepMind, and the broader AI ecosystem. | De facto standard |
| Agent-to-Agent Protocol (A2A) | Inter-agent collaboration across organisational boundaries. Agent Cards at /.well-known/agent.json for capability discovery. 150+ endorsing organisations. | Google-led, SAP/Salesforce endorsed |
| eForms | EU procurement notice standard for TED (Tenders Electronic Daily). Mandatory since October 2023. | EU-mandated |
| Solid Protocol | W3C Linked Web Storage. Supplier data sovereignty through personal data stores (Pods) with fine-grained access control. | W3C Working Group |
| EU eProcurement Ontology (ePO) | Semantic procurement ontology in OWL/RDF. Links procurement and invoicing data in machine-readable chains. | EU Publications Office, v5.0 |

Cryptographic trust

Proving without revealing

Zero-Knowledge Proofs

Suppliers prove they meet threshold criteria — minimum revenue, certification status, insurance levels — without revealing underlying figures. The BBS Signature Scheme enables selective disclosure from verifiable credentials. zk-SNARKs produce compact proofs (~200 bytes) verifiable near-instantly.

Fully Homomorphic Encryption

Computation on encrypted data without decryption. Sealed-bid evaluation: weighted scoring of encrypted bids produces encrypted rankings that only the designated evaluation authority can decrypt. Zama's TFHE-rs demonstrated a live confidential sealed-bid auction in March 2025.

Secure Multi-Party Computation

Multiple buying organisations aggregate demand or compute benchmark prices without exposing individual positions. The Danish sugar beet auction of 2008 remains the landmark: sealed bids jointly computed with no individual bid revealed.

Threshold Cryptography

Shamir's secret sharing distributes master decryption keys across multiple parties. A 3-of-5 scheme requires three of five evaluation committee members to reconstruct the key. No single entity can access sealed data unilaterally.

Concert

The first GUILD. The first SIGNET.

Concert is building the open infrastructure layer for a new era of governed, intelligent, multi-party commerce. Join the founding consortium.
