For governments and regulators

Your public APIs are open. Do you know who's consuming them?

Open Banking APIs, procurement portals, public data endpoints, health registries, transport systems. Your government opened them for transparency and innovation. Autonomous AI agents are consuming them at scale — and you have no visibility into who they are, what they're doing, or whether they're complying with terms of use.

The problem today

APIs are open. Governance isn't.

Open Banking

Financial APIs accessed by fintech agents. Which ones comply with declared scope? Which ones exceed authorized access?

Procurement portals

Public tender data scraped by competitive intelligence agents. Is there an audit trail of who accessed what, and when?

Open data

Municipal datasets consumed by agents for commercial purposes. Do you know which agent processes citizen data and for what declared reason?

Health and transport

Sensitive APIs with personal data. AI agents accessing vaccination records, transit patterns, hospital availability — with zero contractual framework.

What BotConduct provides

Every agent that accesses your infrastructure declares what it will do. In writing. Signed. On the record.

BotConduct is an open protocol for contractual governance of agent traffic to public APIs. Your agency publishes terms. Agents declare intent and sign. The middleware verifies compliance automatically. Violations are documented with cryptographic evidence in a public registry.

Due diligence

Published terms + verified declarations + complaint trail = demonstrable governance. When oversight bodies ask, you have the evidence.

Sovereignty

The protocol is open. Your jurisdiction can operate its own registry. No dependency on foreign cloud vendors. No data leaving your sovereignty.

Audit trail

Cryptographically signed. Immutable. Every access, every declaration, every violation — archived and queryable by oversight authorities.

Regulatory alignment

Built for the regulations already in effect

The protocol produces evidence citable against multiple regulatory frameworks simultaneously:

EU AI Act — Article 50

Transparency requirements for AI systems. High-risk obligations effective August 2026.

GDPR

Data subject rights applicable to any agent processing personal data of EU residents.

Open Banking regulations

PSD2/PSD3 (EU), Open Banking (UK), Open Finance (Brazil), BCRA regulations (Argentina).

National data protection

LGPD (Brazil), DPDPA (India), PDPA (Singapore/Thailand), Ley 25.326 (Argentina).

Implementation

Two paths for government agencies

Use the public registry

Install the open source middleware on your APIs. Agent traffic is governed by the global BotConduct protocol and registry. Zero infrastructure cost. Operational in days.

Best for: agencies starting with API governance, limited budget, immediate need.

Operate your own registry

License the protocol to run a sovereign registry for your jurisdiction. Your data stays in your infrastructure. Federated with the global network or standalone. Full control.

Best for: central banks, national cybersecurity centers, data protection authorities, sector regulators.

Governance infrastructure for public APIs.
Open protocol. Sovereign operation.

Contact us to discuss implementation for your jurisdiction.
