v1.0 • OPEN STANDARD

The permission
layer the web
needs for AI.

A simple, machine-readable protocol — like robots.txt — that lets any site declare exactly how AI systems may use its content.

For AI companies GitHub
MIT Licensed
Zero dependencies
Works today
ai-policy.json
VALID
{
  "version": "1.0",
  "training": "deny",
  "summarization": "allow-attribution-required",
  "commercial-ai-use": "license-required",
  "contact": "you@domain.com"
}
This is exactly what an AI crawler will see
For publishers & creators
Declare your terms once. Get respected at scale. Open the door to new licensing models.
For AI companies & agent builders
Get clear, machine-actionable signals instead of legal gray zones. Crawl responsibly and build trust.
THE PROBLEM

Right now, every website is silent.

AI systems are ingesting the web at unprecedented scale with almost no way for creators to express consent or terms.

Existing tools are insufficient
  • robots.txt is too coarse
  • Meta tags are inconsistently parsed
  • Legal notices are not machine-actionable
Clear consent signals

Publishers finally have a standard way to say “yes”, “no”, “with attribution”, or “only with a license”.

Reduced legal risk

AI developers get explicit, auditable instructions instead of guessing at fair use or terms of service.

New commercial models

“paid”, “license-required”, and contact directives create the foundation for legitimate data licensing markets.

A healthier ecosystem

Respect becomes the default. Sustainable relationships between creators and the AI systems that use their work.

FOR PUBLISHERS & CREATORS

Declare once.
Be respected everywhere.

01 — CREATE
Create your policy

Copy an example. Edit the four main directives. Under 60 seconds.

02 — PUBLISH
Make it discoverable

Place at /.well-known/ai-policy.json or serve the AI-Policy header.

03 — OPTIONAL
Add the <link> tag

Extra visibility for static sites and most CMS platforms.

Try it instantly in the playground →
LIVE DEMO

Policy Playground

Edit the policy (JSON or TXT). The simulator instantly shows what any compliant AI crawler or agent must do.

ai-policy.json
Quick generator (live updates)
AI Decision Simulator Live
Edit the policy or load an example to see how a compliant AI must behave.
Decisions follow the AUDP 1.0 processing rules exactly. No policy? The crawler falls back to its normal public-web behavior and should log the lack of signal.
AI COMPANIES • AGENTS • CRAWLERS • RAG PIPELINES

Stop guessing.
Start respecting signals.

Implementing AUDP is one of the highest-leverage responsibility moves you can make. It takes a few lines of code and immediately gives you clarity at web scale.

LEGAL & RISK
Clear, auditable intent
When a site says “deny” or “license-required”, you have an explicit record. No more “we didn’t know”.
DATA QUALITY
Better training data
Only ingest content that has explicitly opted in. Reduces noise and future rights issues.
COMPETITIVE EDGE
Be the responsible actor
Publishers, regulators, and the public are watching. Demonstrable respect is becoming table stakes.
THE INTEGRATION PATTERN 
policy = await audp.fetchPolicy(pageUrl)
if (!policy || policy.training === "deny") {
    // skip for training / fine-tuning
    return
}
if (policy.summarization === "deny") {
    // do not summarize
}
if (policy["commercial-ai-use"] === "license-required") {
    // route to licensing flow or skip
}
Full reference implementations in Python and JavaScript are available below and in the repo.
AI Builder Compliance Checklist
Fetch policy before ingesting any page
Cache results (24–168h recommended)
Respect every directive literally
Log when a restrictive policy was seen
Surface policy status in internal dashboards
Default to "skip" on ambiguous or unknown values
DISCOVERY ORDER

How AI systems find your policy

Crawlers check in this order. The first match wins.

1
HTTP Header
Preferred & fastest
AI-Policy: /.well-known/ai-policy.json
2
Well-Known URI
Universal & reliable
GET /.well-known/ai-policy.json
GET /.well-known/ai-policy
3
HTML <link>
Great for static sites
<link rel="ai-policy" href="/.well-known/ai-policy.json">
4
robots.txt
Legacy fallback
AI-Policy: /.well-known/ai-policy.json
No policy found? Fall back to your normal public-web policy and log the absence of an explicit AUDP signal.
REAL PATTERNS

Real-world examples

Independent Blog
Strong creator protection
PROTECTIVE 
{
  "version": "1.0",
  "training": "deny",
  "summarization": "allow-attribution-required",
  "excerpting": "allow-attribution-required",
  "commercial-ai-use": "license-required",
  "contact": "hello@personalblog.example"
}
News Organization
Monetization & licensing
COMMERCIAL 
{
  "version": "1.0",
  "training": "paid",
  "summarization": "allow-attribution-required",
  "excerpting": "allow-attribution-required",
  "commercial-ai-use": "license-required",
  "contact": "licensing@news.example.com"
}
Photographer
Maximum visual protection
PROTECTIVE 
{
  "version": "1.0",
  "training": "deny",
  "summarization": "deny",
  "excerpting": "allow-attribution-required",
  "commercial-ai-use": "license-required",
  "contact": "licensing@photographer.example"
}
Open Source Project
Permissive for the ecosystem
PERMISSIVE 
{
  "version": "1.0",
  "training": "allow",
  "summarization": "allow",
  "excerpting": "allow",
  "commercial-ai-use": "allow"
}
Adopt AUDP

Two paths. Pick yours. Everything below is copy-paste ready.

If you publish content
1. Serve the policy file
Recommended location:
https://yoursite.com/.well-known/ai-policy.json
Also supported: /.well-known/ai-policy and plain text.
2. Add the HTTP header
AI-Policy: /.well-known/ai-policy.json
Nginx, Cloudflare, Vercel, Netlify — one line.
3. Optional <link> tag
<link rel="ai-policy" href="/.well-known/ai-policy.json">
See the full publisher guide and static site snippets in the GitHub repo.
If you build AI systems or agents
Step 1 — Add discovery early
Call the fetcher before you use content for training, RAG ingestion, summarization, or any commercial product feature.
Step 2 — Respect the most restrictive directive
If training: "deny" — do not train. Cache the policy result.
Step 3 — Log & make it auditable
Record when a restrictive policy was present. This protects you and builds trust.
import audp

policy = audp.fetch_policy("https://example.com/article")
if policy and policy.get("training") != "deny":
    # safe to use for training
    train_on(policy, content)

Reference Implementations

Python

Zero-dependency fetcher + validator. Drop-in ready.

View full source →
JavaScript / TypeScript

Works in browsers and Node. ~50 lines.

View full source →
More coming
Go, Rust, PHP/WordPress, static site plugins (Astro, Hugo, etc.).
Contribute an implementation →

Core Directives (v1.0)

Directive Values
trainingallow | deny | paid | contact
summarizationallow | allow-attribution-required | deny
excerptingallow | allow-attribution-required | deny
commercial-ai-useallow | deny | license-required | contact
contactemail or URI
license-urifull legal terms URL

Official Resources

Full Specification (audp-1.0.md) JSON Schema (normative) GitHub Repository & Issue Tracker
The spec is deliberately minimal and modeled directly after the proven success of robots.txt.

The web is speaking.
Now AI can listen.

Whether you publish content or build the systems that consume it, AUDP gives you a clear, simple contract.

STAR & CONTRIBUTE
Open standard • MIT licensed • Community owned