Consent gets separated from data
A permission is captured in one system while the data flows into many. By the time a dataset reaches a model, the consent behind it is gone.
Consent infrastructure · SDK + API
Consent infrastructure for AI products.
Issue, verify, revoke, enforce, and audit machine-readable consent across datasets, agents, applications, and AI pipelines.
Built for AI-era data governance. Designed for LLMConsent-style consent records.
Explore LLMConsent ↗- TypeScript SDK
- REST API
- LLMConsent-compatible
- subject
- user_123
- asset
- conversation_export
- purpose
- llm_training
- actor
- model_pipeline_7
- issued
- 2026-06-28
- expires
- 2027-06-28
- proof
- signed + timestamped
allowedsigned · revocable
const consent = await oconsent.verify({
subject: "user_123",
asset: "conversation_export",
purpose: "llm_training",
actor: "model_pipeline_7"
});
if (!consent.allowed) {
throw new Error("Consent not granted");
}- Consent record Subject grants a scoped, signed permission.
- Verify Point-of-use check before any access.
- AI pipeline / agent Runs only on allowed assets.
- Audit proof Tamper-evident record of every use.
audit_trail
2026-06-28T10:22:04Z verify asset=conversation_export actor=model_pipeline_7 → ALLOWED
Consent was built for banners. AI needs infrastructure.
AI use is hard to prove
When a customer or regulator asks what a model was trained on, and why it was allowed, screenshots and spreadsheets are not evidence.
Revocation rarely propagates
Someone withdraws consent, but the data already sits in pipelines, caches, and fine-tunes that never hear about it.
Consent that travels with data.
One record, checked everywhere it matters. The same consent object follows your data from the moment it is issued through to the audit trail.
-
01
Issue
Mint a signed, machine-readable consent record that names the subject, asset, purpose, and allowed actors.
-
02
Verify
Check permission at the point of use with one call, before any dataset, agent, or pipeline touches the data.
-
03
Enforce
Wire enforcement hooks into your code so disallowed use is blocked by default, not flagged after the fact.
-
04
Revoke
Withdraw a permission once and let revocation propagate to every consumer that checks.
-
05
Audit
Produce tamper-evident audit proof of who used what, for which purpose, and under whose consent.
Add consent verification in minutes.
Install the SDK, point it at your registry, and gate any AI workload on a live consent check. No banner, no bespoke plumbing.
npm install @oconsent/sdk
- Install the SDK
- Configure your API key
- Gate the workload on verify()
import { OConsent } from "@oconsent/sdk";
const oconsent = new OConsent({
apiKey: process.env.OCONSENT_API_KEY
});
const result = await oconsent.verify({
subject: "user_123",
asset: "support_chat_2026_04",
purpose: "model_finetuning",
actor: "customer_support_llm"
});
if (result.allowed) {
await runPipeline();
} else {
await skipAsset(result.reason);
}Built for open AI consent standards.
LLMConsent defines what AI consent should mean. OConsent makes it enforceable in software.
LLMConsent.org
- Open standard
- Public vocabulary
- Consent specification
- Governance
- Ecosystem alignment
OConsent.io
- SDKs
- APIs
- Verification service
- Consent registry
- Enforcement hooks
- Audit infrastructure
Notes from the build.
Revocation and audit: making AI data use provable
Withdrawing consent so it actually propagates, and producing evidence of every decision that you cannot quietly edit later.
Point-of-use verification: gating AI workloads on consent
How to turn a consent record into an allow or deny decision at the moment data is about to be used.
The consent record: a machine-readable schema for AI data use
A field-by-field look at the consent record OConsent issues, and why each part is in there.
Build consent-aware AI.
Start with verifiable consent records and make AI data use auditable by design.