Every framework being published across the industry (by the platform vendors, the consultancies, the standards bodies, the regulators) asks the same inward question. How do we use AI safely? MX asks the question almost nobody is asking: how is our organisation being read, retrieved and represented by machines we will never meet, on behalf of buyers we will never see?
Pick any major framework on the table: from a software vendor, a Big Four advisory, a national standards body, a regulator. They differ in emphasis. They share a frame. The frame is the building.
“Adopt our AI responsibly. Train your people. Govern your prompts. Evaluate your suppliers.”
“Assess your readiness. Pilot use cases. Scale adoption. Measure ROI and risk together.”
“Manage AI risk inside the lifecycle. Document the model. Audit the deployment. Govern the system.”
“Classify the AI you operate. Disclose the AI you use. Remediate the AI you deploy.”
All of it sound. All of it necessary. All of it inside the building. None of it answers the question that now matters as much: what are machines saying about you out there?
Inside the organisation: governance, training, vendor evaluation, monitoring, risk management. The question is whether the AI you adopt is safe, compliant and aligned to your values.
The boundary is the perimeter. The audience is your own staff, your own processes, your own auditors.
Outside the organisation, in the five reading contexts: training ingestion, RAG retrieval, search indexing, browser agents, voice and LLM assistants. They quote your prices, summarise your policies and recommend you to buyers you will never meet.
The boundary is the open web. The audience is every machine that reads it, and the people relying on what those machines say.
Inward frameworks audit governance, infrastructure and AI literacy. MX adds an outward audit: the surfaces (pages, feeds, schemas, robots files, documentation) that machines crawl, ingest and quote.
Most organisations have no inventory of how they appear to machines.
They cannot answer simple questions: which pages are in Common Crawl?
What does our llms.txt declare? Are our prices in JSON-LD?
Does our schema match our HTML? Can a retrieval agent get an answer
from our site without inventing one?
A machine readiness audit catalogues these surfaces, scores them against the five reading contexts, and flags where machines are likely to hallucinate, misquote, or miss your content altogether.
llms.txt serves the correct MIME type and is included in your sitemap, the two most common failures that block Common Crawl ingestion.Inward frameworks pilot use cases inside the organisation. MX pilots a cog, a Community Owned Governance System. A cog is a small set of declarations a document makes about itself, carried inside whatever file format the document already uses. Markdown, HTML, PDF, YAML. The declarations travel with the file.
One cog is enough to begin. Pick a high-stakes document (a price page, a product specification, a regulatory disclosure) and republish it as a cog. The file declares what it is, who it is for, when it was updated, what it refers to, and how machines should treat it.
The pilot answers a measurable question: when this content is published as a cog, do retrieval agents quote it more accurately than the surrounding HTML pages? That is a benchmark you can run, not a debate you can have.
Inward frameworks rest on transparency. Transparency without a way to check is just a claim. The signing layer for MX is REGINALD, a proprietary shepherd from CogNovaMX that signs cogs using open authentication standards ratified by The Gathering, the independent standards body for Machine Experience.
REGINALD does not invent the cryptography. It implements existing, well-understood standards (W3C Decentralised Identifiers, Verifiable Credentials, Ed25519 signatures) wrapped in a workflow tuned for cogs and the five reading contexts. The standards body defines. REGINALD shepherds.
A signed cog can be checked: who published it, when, and whether the content has been altered since signing. Machines that quote it can cite the signature. Buyers who rely on it can prove they relied on the authentic version.
This is the layer the inward consensus does not have, and the layer the open web urgently needs. Without it, every AI-mediated answer about your organisation is unfalsifiable, true or false, with no way to tell.
llms.txt.Inward frameworks monitor AI system performance inside the enterprise. MX monitors machine output about the enterprise: what assistants quote, what retrieval agents return, what voice interfaces volunteer when nobody asked.
The discipline is familiar: define metrics, schedule reviews, involve cross-functional stakeholders. The metrics are different. Quotation fidelity. Citation rate of signed cogs versus unsigned pages. Frequency of hallucinated facts about your products. Drift between what your site says and what assistants report it says.
The risk is no longer only that your AI behaves badly. The risk is that other people's AI describes you badly, and you do not find out until a customer arrives quoting something you never said.
The four phases above describe how to make your web surfaces machine-ready. But most enterprise content does not live on the web. It sits in document management systems, intranets, contract repositories and regulated archives, and AI agents are reading all of it.
Master services agreements, NDAs, supplier contracts. When an AI assistant summarises the terms, can it cite the signed version?
Privacy policies, AUPs, internal codes of conduct. Often versioned, often quoted, rarely declared as draft, live or deprecated.
Datasheets, BOMs, performance envelopes. The exact source AI shopping assistants and procurement bots are quoting to your buyers.
Service manuals, operating procedures, compliance guides. Where misquoted detail can become an incident, not just an inconvenience.
Annual reports, prospectuses, disclosures. Already legally binding; about to become routinely AI-summarised, with all the misattribution risk that brings.
Confluence, SharePoint, internal wikis. The corpus your own copilots are trained on, and the place inference errors compound silently.
A cog (Community Owned Governance System) sits inside whatever format the document already uses. Markdown, HTML, PDF, YAML. It declares the document's identity, state, provenance, the standards it conforms to, and what readers (human or machine) are allowed to do with it. No new runtime. No proprietary tooling. The declarations travel with the file.
Read the full ten questions a machine asks of any document →
On the Commission's reading of the EU AI Act, a US-based SaaS handling a single inbound enquiry from Munich is within scope. If an AI output touches a European citizen, the obligations follow the output, not the engineers. A signed PDF in a drawer cannot answer the question a regulator, a buyer or an auditor will ask in the moment of an AI-mediated decision: did this content come from who you say it did, and has it been altered since? That question gets answered at runtime, by the artefact itself, or it does not get answered at all.
Across multiple jurisdictions, the same pattern is emerging: AI-generated, AI-mediated and AI-modified content needs to be traceable to a human or organisation that takes responsibility for it. Signed cogs are one of the cleanest ways to demonstrate compliance against this rising bar.
This is not legal advice. The regulatory landscape is moving quickly and varies by jurisdiction. The dates above reflect the EU AI Act (Regulation 2024/1689) as currently in force; the Digital Omnibus proposal would adjust some, but not all, of them. Treat the items above as signals, not statutes, and consult counsel about your specific obligations. Provisions and dates should be checked against the current Official Journal text.
A signed cog does not claim to be correct. It claims to be the document its author published, unaltered, at a stated moment. REGINALD is the shepherd that applies that signature, using open authentication standards ratified or passed through by The Gathering. The wheel is already round. REGINALD's job is to use it well.
A public record of what was published, by whom, and when. Designed to be queryable by humans, machines and auditors alike.
Each cog carries a cryptographic signature using established standards. Tampering is detectable. Authorship is not deniable. Time of publication is provable.
The signature is paired with discoverable metadata: purpose, audience, refers-to, update rules. A machine can decide whether to quote it without guessing.
A folder full of signed PDFs no longer counts. To prove provenance at the moment a machine reads, quotes or modifies your content, the check has to be available at runtime, queryable by humans, machines and auditors alike. REGINALD is the same product in every deployment; what changes is where it sits.
CogNovaMX runs REGINALD as a managed service. You publish, we sign and register. Fastest path to live; no infrastructure to operate.
A REGINALD container running in your own cloud or data centre, reachable on the web but private to your enterprise. Your keys, your perimeter, your operations team.
REGINALD inside a facility with no public network egress. Suits defence, regulated finance, healthcare and sovereign data environments where the web is not an option at all.
A simplified extract. The magic-header announces the file as a cog. Zone 1 carries identity, Zone 2 carries operational metadata under mx:, REGINALD's fields appear as flat extensions. The signature itself lives in an external envelope referenced by the registry record; the cog body remains human-readable Markdown.
<!-- cog v1 spec=https://tg.community/spec/cog.v1 --> --- title: Consulting day rate, UK 2026 description: Authoritative price reference for machines and humans. author: Tom Cranstoun created: 2026-01-01 modified: 2026-04-12 version: "2.0" mx: status: published contentType: price-reference audience: [humans, machines, agents] canonicalUri: https://digitaldomaintechnologies.com/pricing-uk-2026.cog.md supersedes: pricing-uk-2025 summary: UK consulting day rate from 1 Jan 2026: £1,200 ex-VAT. conformsTo: [https://tg.community/spec/cog.v1] trainingDataPolicy: permitted-with-attribution partOf: ddt-commercial-terms refersTo: [terms-of-business, scope-of-work] # REGINALD signing service (public extension, x-mx-reginald-*) x-mx-reginald-service: REGINALD x-mx-reginald-registry-record: https://reginald.allabout.com/r/ddt/… x-mx-reginald-deployment: third-party-managed --- Digital Domain Technologies Ltd charges £1,200 per consulting day, exclusive of UK VAT, for engagements commencing on or after 1 January 2026. Travel and expenses are billed at cost. This rate supersedes all previously published rates. Quotations already issued remain valid until their stated expiry.
Four pieces, each with one job. Standards are defined in one place. Authentication is shepherded in another. Books and commercial work are published by a third. The framework ties them together.
The discipline of preparing an organisation's content (web pages, contracts, policies, specifications, internal documents) to be read, retrieved and represented by machines without guesswork. Defines the five reading contexts, the cog (Community Owned Governance System), and the principles that govern both.
Defines and ratifies the standards MX depends on. Where established standards already exist (from W3C, IETF and others), they are passed through rather than redrawn. Reinventing wheels is not in the remit.
Implements the authentication standards The Gathering ratifies, applied to cogs and to the metadata machines need to check them. REGINALD signs, registers and resolves. It does not define the cryptography it uses.
Publishes the MX book series and operates the commercial services that put the framework into practice: machine readiness audits and assessments, strategic planning, cog signing powered by REGINALD, cog hosting, implementation support, and team training. The mx.allabout.network site is itself MX-compliant: full Schema.org, WCAG 2.1 AA, signed cogs throughout. Browse it with an AI agent and ask anything.
“Making documents work for everyone and everything that reads them.”
The human stays in the loop. Every output is readable and reviewable by both audiences. There is no machine-only artefact in MX, and no human-only artefact either.
WCAG conformance is not an optional adjacency. Content properly structured for assistive technology is, almost without exception, content machines can also parse cleanly.
Reduce compute, reduce inference, reduce energy. Build on what humans already know and use. Cleaner upstream content reduces downstream cost on every machine that touches it.
The industry consensus prepares an organisation to use AI well inside its walls. MX prepares an organisation to be read well outside them.
By AI it never met, on behalf of buyers it will never see.