Frequently asked questions

Quick answers to the questions publishers, AI labs, and standards participants ask most often. Every credential reference uses the same architecture; every pricing reference matches the live billing model.

1. The credential

What is a LicenseFoundry credential?

A cryptographically signed record — W3C Verifiable Credential 2.0, JWT-VC compact JWS encoding, Ed25519-signed — stating what rights have been granted to a specific AI lab for a specific asset on a specific date. Verifiable offline in milliseconds against the issuer at did:web:licensefoundry.com.

Where does a signed credential live after issuance?

In five places at once:

  1. The HTTP response we return to the customer at issuance time
  2. LicenseFoundry's Postgres database (the system-of-record)
  3. The W3C Bitstring Status List v1.0 bitstring (revocation state, publicly fetchable)
  4. The public L2 anchor (tamper-evident timestamp)
  5. Wherever the customer presents it downstream — typically their CMS, the asset's metadata, their CoMP licenseurl endpoint, or forwarded to the AI lab counterparty

The JWT is a bearer credential: any party holding the bytes can verify it offline against the issuer's published DID.

Can a credential be edited after issuance?

No. The signature commits to the credential's content; any modification breaks verification. To change a credential's scope or terms, revoke the original and issue a new one. Revocation is always free; re-issuance is billed normally, with a five-minute correction window in which the original is automatically credited.

What is the difference between a credential and a licence?

The credential is the cryptographically signed instance — the receipt. The licence is the legal grant of rights the credential documents. A credential without a corresponding legal agreement is just a signed JSON object; the legal agreement underneath is what makes it commercially meaningful. Our infrastructure produces the credential; the underlying licence is between the publisher and the AI lab.

Does a credential prove that payment was made?

No — and it doesn't claim to. A credential proves the licence (which rights were granted, on what content, still valid), not the payment. Those are two separate facts with two separate proofs: a Getty invoice proves you paid, not what you're allowed to do; a credential proves what you're allowed to do, not that you paid. The two compose — a credential can carry a reference to a marketplace settlement ID or invoice, and issuance is typically triggered by the party who confirms the payment cleared — but the proof that money changed hands lives with the invoice or the marketplace settlement record, not the credential.

2. Storage & operations

How do customers store the JWT?

Six patterns are common:

  1. Append a column to the existing asset catalogue (most publishers)
  2. A LICENSE.jwt file alongside the asset (OSS datasets, structured repositories)
  3. Embed in the asset's metadata — IPTC, XMP, or as a C2PA assertion
  4. As the response body at the publisher's CoMP licenseurl
  5. Forwarded directly to the AI lab counterparty
  6. Don't store locally — keep the credential UUID and re-fetch from LicenseFoundry on demand

The choice is operational, not architectural — the JWT is portable and self-contained.

Do customers need to back up their credentials?

Not strictly. Every credential is in our database and retrievable via GET /v1/credentials/{id}. But we strongly recommend backup for three reasons: latency (local lookup beats API re-fetch), vendor-risk independence (the credential verifies cryptographically without LicenseFoundry), and legal-discovery readiness (a local index answers questions in seconds).

What happens if a customer loses a credential locally?

If they stored the credential UUID anywhere — their CMS, their issuance log, anywhere — they can re-fetch the JWT from GET /v1/credentials/{id} or the dashboard. If they lost the UUID too, the credential is still in our database keyed by asset, account, and counterparty; we can help them recover it through support. The credential is never lost from our side; the customer's local copy is what's at risk.

How large is each credential?

Typically 1-3 KB. A million credentials is ~3 GB — fits in a single Postgres column or S3 prefix without strategic planning. Storage cost is functionally zero relative to the value at stake.

3. Standards & protocols

How does this work with CoMP V1?

CoMP V1 (IAB Tech Lab Content Monetization Protocols, finalised April 2026) standardises the request/response exchange between AI systems and content infrastructure. The Package object includes a licenseurl field; when authorisation is not in place, the AI system navigates to package.licenseurl. Token issuance and payment at that endpoint are explicitly out of scope for the CoMP API — that is where the credential layer sits.

How does RSL fit in?

RSL (Really Simple Licensing) is one layer above the credential. The License: directive in robots.txt and its linked rights document are the publisher's standing offer — the publicly addressable signpost that tells every bot how to discover the credential infrastructure beneath it. RSL declares; the credential layer transacts. They compose, they do not overlap.

How does this relate to Cloudflare AI Crawl Control?

Cloudflare AI Crawl Control enforces whether an AI crawler can reach content at the CDN tier. LicenseFoundry issues what was actually agreed when a crawler does reach licensed content — a signed, counterparty-bound credential that proves consent, scope, and date in a form a court or regulator will accept. The two are complementary, not substitutes: enforcement without attestation cannot prove compliance; attestation without enforcement cannot prevent unauthorised access.

Most publishers running both have the full posture. LicenseFoundry works on any CDN — Akamai, Fastly, AWS CloudFront, Vercel, custom origins — not just Cloudflare. The credential layer is CDN-agnostic by design.

Does this work with content signals and the EU Article 4 rights-reservation model?

Yes — the alignment is structural. The content-signals format (publisher's robots.txt declares yes / no per use case for search, ai-input, and ai-train) operates at the declaration layer, with restrictions explicitly invoking Article 4 of EU Directive 2019/790 as machine-readable rights reservations. LicenseFoundry credentials operate one layer below — they are the signed counterpart of any structured grant against those reservations.

An Article 4 reservation ("ai-train: no") legally binds downstream AI training under EU law. A credential is the structured override — "I have granted Anthropic these specific training rights, under these terms, on this date, revocable here" — in a form a court will recognise. The content signal establishes the default position; the credential records the specific grant. The two compose; they do not overlap.

Our credential vocabulary maps directly onto the three content signals: search corresponds to indexing rights (slated for framework v1.1), ai-input to rights.rag and rights.embed, and ai-train to rights.train. Per-right scope constraints (model_family, max_excerpt_tokens, jurisdiction, attribution) are carried in the credential, which is the finer-grained tier the content signals do not attempt to express.

Why can't a CDN like Cloudflare be the credential issuer itself?

Structural separation is the credibility mechanism, not a vendor preference. A neutral attestor must not sit in the request path because they can influence outcomes (block, throttle, log) and would have direct visibility into the transactions they would be attesting to. A CDN is in the request path by definition. CDN-issued attestation of traffic that flows through the CDN's own edge inherits the same credibility problem as a bank self-validating a contested transaction in court.

Three additional disqualifying factors stack: a CDN's commercial relationships sit on both sides of every transaction (publishers and AI-lab infrastructure customers), which compresses attestation rigor whenever it conflicts with revenue; a CDN's attestation methodology would be proprietary rather than openly published and forkable like our framework at licensefoundry.com/framework/v1.0; and CDN-bound attestation cannot be carried to a different CDN, while LicenseFoundry credentials work on Akamai, Fastly, AWS CloudFront, Vercel, or any custom origin.

The same structural pattern recurs across every two-sided market that has matured at scale: ASCAP and BMI are not the radio stations; Visa and Mastercard are not the merchants; certificate authorities are not the CDNs whose certificates they sign; the Big Four auditors are not the corporations they audit. Neutral attestation requires structural separation from the platform, and that separation is the credibility mechanism. The argument is about structure, not technology — a CDN could build credential issuance tomorrow, and the credentials would still inherit the same credibility problem as any self-attested record.

Doesn't LicenseFoundry also run on Cloudflare?

Yes — our marketing site and dashboard application are hosted on Cloudflare Pages. The structural neutral-attestor argument is not about where we host; it is about whether the attestor sits in the request path of the transactions being attested. When a publisher grants an AI lab a training credential, the licensing transaction is between the publisher and the lab — that traffic never touches LicenseFoundry's infrastructure regardless of who hosts ours. Cloudflare hosting our website is a customer relationship; it does not put Cloudflare between any publisher and any AI lab whose credential we attest to.

The portability test confirms the separation: we can migrate off Cloudflare with a deploy-script change and every credential we ever issued stays valid. Publishers using Cloudflare-bundled enforcement and AI labs ingesting content under our credentials are not constrained by our hosting choice at all. Our customers' CDN choices are independent of ours, in both directions.

We harden the load-bearing surfaces against any single hosting provider's risk — not Cloudflare-specific, but applicable to whoever we host with. Signing keys live in KMS, never on edge infrastructure. The DID document at did:web:licensefoundry.com and the W3C Bitstring Status List v1.0 endpoint are cryptographically anchored on a public L2 settlement layer, so substitution is detectable independent of where the served file lives. The compliance framework is openly published under terms that permit audit, derivation, and challenge — its credibility does not depend on which hosting provider serves the URL.

Do I need LicenseFoundry if I just want to block all AI training on my content?

Honestly — no. If your goal is *"no AI lab trains on my work, ever, no exceptions,"* Cloudflare AI Crawl Control or equivalent content-signals enforcement is sufficient. Set the content signal to ai-train: no, which is a binding rights reservation under Article 4 of EU Directive 2019/790, and you do not need any licensing infrastructure underneath. We are not the right answer for that use case.

LicenseFoundry serves the case the Leiden Declaration's recommendation #2 actually names: "licensing agreements that prevent use of published work as training data without consent." The two key words are licensing agreements and without consent — the Declaration is calling for a consent-based model where some uses are agreed under specific terms and uses without agreed terms are prevented. That is structured licensing, not blanket blocking. Publishers, academic societies, library stewards, and institutional licensing departments who want to grant some training rights to specific labs under specific terms — while refusing all other uses — need a credential layer beneath their enforcement. Pure blocking does not need that.

The Cloudflare enforcement layer and the LicenseFoundry credential layer compose: enforcement defaults to refusing access; credentials are the structured override for specific consented agreements. A publisher running both has the full posture — refuse unauthorised access at the edge, prove what was authorised in court. A publisher who only wants the first half can use Cloudflare alone. We are not trying to serve that publisher; we are trying to serve the publisher operationalising the Declaration's recommendation #2 in full.

How does C2PA fit in?

C2PA binds the asset to its provenance — who made it, when, with what tools. That manifest is baked into the file at creation and is the same for everyone who opens it: it answers what is this and where did it come from, never who is allowed to use it.

A licence is not a property of the asset — it is a deal between two parties at a point in time: this rightsholder granted this user these rights, on this date, under these terms, revocable here. The grantee, the permitted uses, the scope and term, the revocation state, the price, the obligations — none of that lives in a provenance manifest. The structural reason it can't: one asset has one provenance but many licences. The same article can be licensed to one lab for training, another for retrieval-only, a third for evaluation — different grants, same file. You cannot stamp every counterparty-specific, revocable grant into one manifest embedded in the asset.

So provenance and the credential compose rather than compete: C2PA proves this is the real thing; the credential proves you are allowed to use it. A LicenseFoundry credential can be embedded as — or referenced by — a C2PA manifest assertion, so downstream consumers get both provenance and rights verification from a single artefact.

Where can I read the full cross-coalition analysis?

Our long-form essay covers CoMP V1, RSL 1.0, and C2PA together — what each standard solves, the shared downstream gap they all leave, why a separate credential layer is structurally correct, and how the layer composes with each protocol. Read it at licensefoundry.com/essays/licensing-layer-below-comp-rsl-c2pa.

Are you involved with the Leiden Declaration?

The Leiden Declaration on AI and Mathematics (June 2026, International Mathematical Union-endorsed) calls on mathematical organisations to develop licensing agreements that prevent use of published work as training data without consent. That recommendation is, almost verbatim, what our infrastructure operationalises. Our response essay is at licensefoundry.com/essays/leiden-declaration-licensing-infrastructure.

4. Pricing & billing

Is ASSESS really free for everyone?

Yes — unlimited volume, no subscription gating, no PAYG, no OSS-only carve-out. ASSESS is the operational entry point to the public Compliance Framework at licensefoundry.com/framework/v1.0. The score is computed, not signed, and the methodology is published under terms that permit audit, derivation, and challenge.

What is billed when I revoke and re-issue a credential?

Revocation is always free. Re-issuance is billed because it produces a new cryptographically signed credential. If you revoke and re-issue within five minutes of the original issuance (the integration-error correction window), the original is automatically credited and the net charge is one credential. Outside that window, both are billed.

Do I need a subscription to use LicenseFoundry?

No. ASSESS is free for everyone; verification is free for everyone; PAYG pricing covers credential issuance and standard licences without commitment. Subscriptions (Starter, Growth, Scale, Enterprise on the publisher side; Verify, Audited Provenance, Enterprise on the AI-lab side) bundle volume at meaningful discounts versus PAYG and add features like audit reports and SLAs.

What does a publisher bundle cover?

Credentials issued and Standard Licenses produced — ASSESS is free for everyone and is not metered. Specifically: Starter ($549/mo) covers 5,000 credentials and 1,500 Standard licences; Growth ($1,649/mo) covers 30,000 credentials and 6,000 Standard licences; Scale ($7,699/mo) covers 125,000 credentials and 25,000 Standard licences plus quarterly audit reports; Enterprise is quoted. Premium and Bespoke LICENSE attestations remain à-la-carte add-ons on any tier.

Are you like ASCAP for AI training data?

Yes — and the structural parallel is exact. ASCAP made the music licensing market function by sitting in the neutral middle: songwriters got paid more than they would individually negotiating with every venue, venues got one licence covering hundreds of thousands of songs, and ASCAP attested that the licences were real without owning either the songs or the venues. LicenseFoundry does the same for AI training data — but with one important difference that makes our position even more neutral than ASCAP's.

ASCAP collects money from venues and distributes it to songwriters. LicenseFoundry does not touch the money at all. Publishers charge AI labs directly for licensing rights; we just attest to what was granted, when, and on what terms. Our pricing is flat per credential and per audit report, not a percentage of licensing fees — we cannot take a percentage of something we never see.

The structural point is the same in both industries: the neutral middle works because it is structurally separate from both parties to the transaction. A radio station cannot credibly attest to its own licensing rights; an AI lab cannot credibly attest to its own training-data rights. The market needs a third party that has no commercial stake in the underlying transaction outcome — and that third party's value proposition is that it lets the underlying market function at all. Without ASCAP, there is no commercial music licensing market at scale. Without a neutral credential layer, there is no commercial AI training-data licensing market at scale.

Is LicenseFoundry self-serve, or do I have to sign a contract?

Mostly self-serve. Compliance scoring (ASSESS) is free with no account, and the verifier SDKs are open-source — no contract. Issuing credentials is self-serve too: you sign in to the sandbox with Google or GitHub and pay as you go per rights manifest, with a free tier to start. A Master Services Agreement and Data Processing Addendum apply only to Enterprise, SLA-backed, or bespoke commercial deals — not to self-serve use.

Does LicenseFoundry have pay-as-you-go (PAYG) pricing?

Yes — pay-as-you-go is the standalone entry point, not just an overage. Issuing a credential is $0.027 per rights manifest with no subscription required, and free for OSI-licensed open-source assets; per-licence attestations are also PAYG, priced by complexity. Publisher subscription bundles are an optional alternative that add monthly allotments, with PAYG overage above them.

5. Compliance & audit

What is the difference between self-backup and a LicenseFoundry audit report?

Self-backup is the customer's internal record-keeping — fast, free, but the customer's own assertion. A LicenseFoundry audit report is a signed third-party attestation of credential activity over a defined scope, with cryptographic completeness guarantees. The two are complementary, not substitutes: self-backup answers what do we have; audit reports answer what can we produce as court-admissible evidence. Most regulated publishers need both.

Will this hold up in court?

The credential is cryptographically signed, time-anchored to a public L2 settlement layer, and revocation-tracked via W3C Bitstring Status List v1.0. The signature, the timestamp, and the revocation state are all independently verifiable by any third party — a regulator, a court, an opposing counsel — without depending on LicenseFoundry being operational. Adversarial evidentiary weight is materially stronger than a PDF licence agreement or a clickthrough TOS.

Is this GDPR / EU AI Act compliant?

The infrastructure supports compliant operation; whether any specific credential is GDPR-compliant depends on how the publisher uses it. The Compliance Framework at licensefoundry.com/framework/v1.0 scores each credential against eight categories that map directly onto EU AI Act, GDPR, CCPA, COPPA, HIPAA, and four other regulatory regimes — across six jurisdiction-weighted views.

What do AI-lab audit subscriptions cover?

Audit Starter ($2,199/mo) is for Tier 2 labs and covers ingestion oversight. Audit Growth ($6,599/mo) is for the active Tier 1 subset. Audit Enterprise ($16,599–$54,990/mo, quoted) is for Tier 1 labs and regulated-sector deployments and includes monthly audit reports, dedicated CSM, and indemnification reserves. All sit alongside the free Verify tier, which any AI lab can use without a contract.

How does this fit with EU AI Act enforcement in the Netherlands?

Through the Dutch coordination structures for AI policy implementation. AIC4NL (the AI Coalition for the Netherlands) has a coordination role with AP (Authoriteit Persoonsgegevens — the Dutch Data Protection Authority and the designated national supervisory authority for the EU AI Act) and the Ministry of Economic Affairs on EU AI Act implementation. The particular focus areas are the operational interpretation of Article 53 (training-data transparency obligations for general-purpose AI models) and Article 4 of Directive 2019/790 (the machine-readable rights-reservation framework).

LicenseFoundry's credential infrastructure operationalises both. The credential layer is the structured-grant counterpart of an Article 4 reservation — content signals declare the default ("ai-train: no"), credentials record the specific grants against that default. It is also the audit-grade evidence layer that Article 53 transparency obligations call for: a regulator or court can reconstruct exactly what each AI lab was authorised to train on, when, with what scope, against the published framework methodology.

As a Netherlands-incorporated entity, we engage AIC4NL, AP, and the Ministry through these Dutch coordination channels. Our active application for AIC4NL membership is part of this engagement, with ELSA Labs (Ethical, Legal, Societal Aspects of AI) as the primary working-group target. Publishers and AI labs operating in or selling into the EU market should expect the Dutch implementation pattern to be one of the early templates other member states will reference.

What does LicenseFoundry actually attest — and what doesn't it?

It depends on the tier. Standard (automated) attestation confirms the issuer's identity is verified, the rights claims were cross-referenced against the asset's metadata and any supplied evidence, and no red flags surfaced — it does not include human review of specific claims, a legal opinion, or indemnification against third-party claims. Named-Analyst Review adds review and sign-off by a named analyst; Qualified-Counsel Review adds legal review by qualified counsel, a court-ready attestation document, and indemnification negotiated per contract. Verifying any credential is always free.

6. Operational independence

Can credentials be verified offline?

Yes. Verification is offline, in milliseconds, against the publicly fetchable issuer key set at did:web:licensefoundry.com. Verifiers cache the key material with a TTL of no more than 24 hours. The only network call beyond cache is the W3C Bitstring Status List v1.0 revocation check, which is itself publicly fetchable and cacheable.

What happens if LicenseFoundry stops operating?

Credentials customers and their counterparties already hold continue to verify cryptographically. The Status List and DID JSON would need to remain reachable for revocation checks; LicenseFoundry would publish a wind-down plan handing those endpoints to a successor or a foundation. Same operational-independence model that protects Let's Encrypt certificates within their validity windows and ASCAP-issued music rights.

Can I switch to a different credential issuer?

Yes. The credential format (W3C VC 2.0), the signing curve (Ed25519), the identity layer (did:web), and the revocation mechanism (Bitstring Status List v1.0) are all open standards. A second issuer can run interoperably with us using the same substrate. The healthy long-term shape of the layer is multiple neutral attestors operating in parallel, the way ASCAP and BMI co-exist in music rights or multiple certificate authorities operate the public web's PKI.

Is the substrate open?

Yes. The standards we use (W3C VC 2.0, JWT-VC, Ed25519, did:web, Bitstring Status List v1.0) are all open, public, and broadly implemented. The Compliance Framework at licensefoundry.com/framework/v1.0 is openly published under terms that permit audit, derivation, and challenge. SDKs are on npm (@licensefoundry/sdk) and PyPI (licensefoundry). The substrate is open infrastructure; the commercial product is the operational layer on top.

Do you handle payment, or take a cut of the deal?

No — deliberately. LicenseFoundry never sits on the cash flow and takes no transaction fee. Payment settles where it always has: a bilateral invoice between publisher and AI lab, or a marketplace in the request path (Cloudflare pay-per-crawl, TollBit, ProRata) that meters access and remits to the publisher. We stay out of the money for the same reason an auditor isn't paid out of the transaction it audits — a neutral attestor with a commercial stake in the deal is no longer neutral. Visa moves the money; we're the auditor. A credential can reference the settlement record, but it never processes or vouches for the payment itself.

Did not find your answer?

Two paths in:

Try it in the sandbox → Email us →