Version: 0.2 Draft 3

Privacy Claims Token

Open Specification

An open, portable format for expressing, signing, and verifying the data obligations that govern how a dataset may be lawfully processed, transferred, or used.

v0.2-draft.3 | Unreleased Draft | CC BY 4.0

Portable

PCT travels with data through systems and pipelines as a signed token, enabling verification at every enforcement point.

Cryptographically Signed

Claims are tamper-evident using RS256 or HS256 signatures, following the JWT model from RFC 7519.

Jurisdiction-Neutral

Core schema supports GDPR, HIPAA, EU AI Act, DORA, and any framework via extension namespaces.

Audit-First

Every verification event produces a structured, tamper-evident audit record automatically.

Open for Public Comment

The PCT Specification is a draft seeking community input. Leave inline comments on any page, email us, or join the discussion on GitHub.

How to Provide Feedback