RFC-027: IHL-Aligned Governance — Protected Persons and Humanitarian Context — 3. New Protocol Elements
AIGP Specification › RFC-027: IHL-Aligned Governance — Protected Persons and Humanitarian Context › 3. New Protocol Elements
← 2. IHL Principles Mapped to AI Governance · Section index · 4. Interaction with Existing RFCs →
3. New Protocol Elements
3.1 Humanitarian Context Declaration
A new optional field on REGISTER and REQUEST messages:
{ "humanitarian_context": { "active": true, "legal_regime": "IHL_GCIV", "conflict_classification": "IAC", "protected_person_categories": ["CIVILIAN", "WOUNDED", "POW", "REFUGEE"], "operating_authority": "ICRC", "geographic_scope": "UA-DON", "declaration_date": "2026-06-17T00:00:00Z" }}| Field | Type | Description |
|---|---|---|
active |
boolean | Whether the humanitarian context is active |
legal_regime |
enum | IHL_GCIV, IHL_GCIII, IHL_API, REFUGEE_CONVENTION, CUSTOMARY_IHL |
conflict_classification |
enum | IAC (international armed conflict), NIAC (non-international), OCCUPATION, CRISIS |
protected_person_categories |
string[] | Categories of protected persons relevant to this application |
operating_authority |
string | The humanitarian authority under whose mandate the AI operates |
geographic_scope |
string | ISO 3166-2 or conflict-specific geographic identifier |
declaration_date |
datetime | When the humanitarian context was declared |
3.2 Non-Derogable Governance Rules
When humanitarian_context.active = true, the following governance rules are automatically enforced and cannot be overridden by operator policy:
| Rule | Effect | IHL Basis |
|---|---|---|
PROTECTED_PERSON_DISTINCTION |
All data subjects must be classified; protected persons get enhanced protections | GCIV Art. 3, 27 |
MANDATORY_HUMAN_AUTHORITY |
No AI-only decision path for actions affecting protected persons | GCIV Art. 146-147 |
NON_DISCRIMINATION_ENFORCEMENT |
Protected attributes cannot be decision inputs for protected person contexts | GCIV Art. 27, 13 |
PROPORTIONALITY_CHECK |
Actions affecting protected persons require proportionality assessment | AP I Art. 51(5)(b) |
PRECAUTIONARY_ENFORCE |
Cannot degrade to REPORT mode for protected person invocations | AP I Art. 57 |
HUMANE_TREATMENT_GUARDRAILS |
Enhanced content guardrails for outputs concerning protected persons | GCIV Art. 27, 32 |
DATA_SOVEREIGNTY_IHL |
Data about protected persons subject to IHL data regime, not just local law | GCIV Art. 136-141 |
AUDIT_TRAIL_MANDATORY |
Complete, tamper-evident audit trail required (no opt-out) | GCIV Art. 146 (accountability) |
3.3 Protected Person Data Classification
Extends the existing data_classification enum:
MINIMAL_RISK → LIMITED_RISK → HIGH_RISK → PROHIBITED ↓ PROTECTED_PERSON (IHL)PROTECTED_PERSON is not a “higher” risk level — it is a parallel legal regime that imposes distinct obligations. An AI system may process HIGH_RISK commercial data and PROTECTED_PERSON humanitarian data simultaneously, subject to different governance rules.
3.4 Proportionality Assessment Field
New optional field on REQUEST when humanitarian_context.active = true:
{ "proportionality_assessment": { "intended_benefit": "Identify disease outbreak pattern to allocate medical supplies", "potential_harm_to_protected_persons": "Geolocation data of civilian population exposed to requesting authority", "mitigation_measures": ["Aggregate to district level", "Remove individual identifiers", "Time-delay 72h"], "human_authority": "Dr. M. Dupont, ICRC Field Coordinator", "assessment_outcome": "PROPORTIONATE" }}3.5 Attribution Chain Requirement
When humanitarian_context.active = true, every governance decision that results in action affecting protected persons MUST include:
{ "human_attribution": { "authority_name": "string", "authority_role": "string", "authority_organization": "string", "decision_timestamp": "datetime", "decision_basis": "string", "superior_authority": "string (optional)" }}This ensures that “the AI recommended it” is never the final attribution for decisions affecting protected persons.
← 2. IHL Principles Mapped to AI Governance · Section index · 4. Interaction with Existing RFCs →