Compliance stems from a shared architecture

Compliance within the DORG ecosystem is not centralized in a single entity. It is distributed according to a shared responsibility model. Each entity is responsible for what it effectively controls, with obligations formalized in the Master Agreement.

Request the Compliance Approach Document

[Shared Responsibility Model]

DORG SRL

Responsible for technical quality and software security.

  • Secure development and vulnerability management
  • Timely release of security and regulatory updates
  • Integrity of the Competency Registry
  • Non-bypass of MCP Manifests

DORG SRL never accesses the client’s environment. Its responsibility is limited to the software.

[ Shared Responsibility Model ]

DORG Society ETS

Responsible for ethical governance and compliance with the Code of Conduct.

  • Ownership and updating of the Code of Conduct
  • Ethical supervision through pseudonymized data
  • Verification of violations and graduated sanctions
  • Coordination of the conditional activation mechanism

DORG Society does not access operational data. It governs through rules and monitors through patterns and pseudonymized data

[ Shared Responsibility Model ]

User Organization

Responsible for operational and regulatory compliance within its own context.

  • Compliance with applicable regulations within its own context
  • Data protection as Data Controller
  • Risk-calibrated human oversight (HOS)
  • Verification of competencies prior to use

Adherence to the Code of Conduct is mandatory. It is not sufficient to replace legal obligations and compliance with internal procedures

[ Mission ]

The conditional verification system

DORGs operate only when three conditions are verified daily: software updates within security deadlines, transmission of ethical supervision data, and payment of the governance fee for the mitigation of social and environmental impacts

Failure to comply activates a grace period; failure to restore compliance within the terms results in automatic deactivation.

Verification is technical and cannot be bypassed — any attempt at circumvention constitutes grounds for immediate contract termination.