Why RIO is an Open Protocol
The RIO Protocol is published as an open specification. This is a deliberate architectural decision, not a marketing choice.
Open by Design
The RIO Protocol is published as an open specification under the rio-protocol repository. This means:
- Anyone can read the specification and understand exactly what a RIO-compliant system must do
- Anyone can implement the protocol — you do not need our code, our gateway, or our permission
- Anyone can verify compliance using the published conformance test vectors
- Anyone can build tools — SDKs, verifiers, explorers, simulators — against the specification
Why Open?
Governance infrastructure only works if it is trustworthy. Trust requires transparency. If the rules for how AI actions are authorized, recorded, and verified are hidden inside a proprietary system, you are trusting the vendor — not the protocol.
An open protocol means:
- No vendor lock-in — switch implementations without losing compliance
- Independent audit — any security researcher can review the cryptographic guarantees
- Ecosystem growth — the protocol improves as more teams implement and test it
- Regulatory confidence — regulators can inspect the specification directly
What is Open vs. What is Not
The protocol specification is open: the 8-stage pipeline, receipt format, ledger chain formula, schemas, conformance tests, and verification procedures.
The reference implementation is a separate codebase that demonstrates one way to build a compliant gateway. It exists to prove the protocol works, not to be the only implementation.
Get Involved
Read the Contributing Guide to learn how to participate in protocol development.