8.1 Emerging

Certification marks and trust registries

A public registry listing that pairs a human-readable trust badge with a standardized machine-readable mark embedded in the tool's interface, filterable by impact level and assessment status.

01 Emerging Challenges

When a citizen reaches a service through an AI agent, or an agency relies on a tool to serve them, both need a fast, reliable signal that the tool has been assessed against known standards. Physical goods have CE marks, electrical safety tags, and food-grade certifications; digital tools have no equivalent that is both widely recognized and independently assured, and an agent has nothing it can check programmatically at all.

02 Assurance

A widely recognized, independently assured certification mark and public trust registry give a citizen, agency, or agent a rapid signal that a digital tool has been assessed against known standards. In the EU model the mark is machine-readable, so the agent can query it programmatically.

03 Access

The small builder is the one priced out: a FedRAMP Moderate authorization runs to roughly US$500K–1.5M upfront (more for High-impact programs), and EU conformity assessment needs a Notified Body. These are costs a volunteer or single-developer civic tool cannot meet. Keep the registry open to them by tiering certification to risk, so a low-consequence tool earns a place without an enterprise-scale audit.

04 Response surface
Service design Considered
The response this pattern proposes

A registry entry exposes both a rendered trust badge and a machine-readable code in the product interface, so a citizen reads the badge and an agent queries the code.

No surface has been built yet; the approach above is the brief for one.

05 Maturity

Emerging. The public registry and trust-badge response is in operation but narrow: a machine-readable mark an agent can query is legislated under CE marking yet not operationally implemented, FedRAMP-style authorization is mature for cloud but only beginning to cover AI, and the DPGA registry is live but voluntary and limited in scope.

06 Precedents

EU AI Act CE marking for high-risk AI systems (EU, 2024–2026). Providers of high-risk AI systems must undergo conformity assessment and affix a CE marking, the symbol used for physical product safety since 1985. For systems provided digitally, Article 48 requires a "digital CE marking" accessible through the software interface or via machine-readable code; where a Notified Body conducted the assessment, its identification number must follow the mark. The regime is backed by market surveillance authorities with powers to withdraw non-compliant systems.

FedRAMP Marketplace (US, 2011–present). A searchable registry of cloud service offerings authorized at Low, Moderate, or High impact levels. Agencies filter by impact level, status, and business function, then drill into each offering's sponsor, assessor, assessment date, and reuse history. The "authorize once, reuse many times" model reduces duplicated assessment effort; from 2025 FedRAMP began prioritizing AI services under a "20x" pilot.

Digital Public Goods Alliance Registry (DPGA, 2019–present). A registry of verified digital public goods assessed against a nine-indicator standard (SDG relevance, approved open licenses, clear ownership, platform independence, documentation, data extraction, privacy/legal compliance, standards adherence, content safety). Applicants submit evidence online; the DPGA technical team reviews against each indicator.

07 Transferability

High for the registry pattern; moderate for the CE-marking analogue. The DPGA model (open standard, evidence-based review, public registry) is directly transferable to a national registry of verified civic technology. The FedRAMP "authorize once, reuse many" model solves a real coordination problem, but its cost structure has to be reworked for small builders.

The EU's digital CE marking is the precedent that matters most for agents: a machine-readable trust signal embedded in the product interface rather than a registry listing alone, which is the form an agent can query programmatically.

08 Where things go wrong

A trust registry surfaces whether a decision-support tool was ever assessed against a standard. It would not by itself stop a flawed tool, but recording the absence of any conformity assessment makes that gap visible to agencies relying on it.
