Governance Model
Purpose & Authority
The Civility Bureau Foundation is the neutral steward of the Bureau's governance infrastructure and mission: reducing online harm through privacy‑preserving accountability. It stewards and safeguards the attestation schema, scoring criteria, and escalation pathways, the normative rules that define how accountability is enforced.
These rules cannot be modified unilaterally. All changes follow transparent, multi‑stakeholder governance and must align with the Bureau's Ethical Charter.
Supervisory Board Structure and Appointment
To comply with the foundation's statutes, the governance framework includes a two-tier structure: an Executive Board (Bestuur) and a Supervisory Board (Raad van Toezicht). The Supervisory Board is responsible for oversight and for appointing members of the Executive Board, based on nominations submitted by the Board. This ensures independence, accountability, and alignment with Dutch governance standards for foundations. The Supervisory Board also approves key decisions such as amendments to statutes, mergers, and dissolution, safeguarding continuity and integrity.
- Rotation & Term Limits: Members serve a maximum of 4 years, renewable once, to prevent capture and ensure fresh perspectives.
- Conflict of Interest Policy: Full disclosure of affiliations and mandatory recusal from conflicted decisions.
- Observer Seats: Non-voting positions for NGOs, human rights institutions, or academic observers to strengthen transparency.
Remuneration and ANBI Compliance
All members of the Executive Board and Supervisory Board serve on a voluntary basis. In accordance with ANBI requirements and the foundation's statutes, they receive no remuneration or honoraria for their work. Only reasonable out-of-pocket expenses incurred in the performance of their duties may be reimbursed. This policy guarantees that governance remains fully aligned with the foundation's non-profit character and its commitment to public benefit.
Governance Advisory Board
The Multi‑Stakeholder Governance Board includes representatives from:
- Regulatory experts (e.g. EU, US, OECD digital policy specialists)
- Technical experts (cryptography, privacy‑enhancing technologies, trust & safety)
- Civil society & academia (digital rights, human rights, online harms research)
- Industry (platforms across sectors and sizes)
Decision Making
Attestation Schema & Scoring Criteria
- Schema and scoring changes require a two‑thirds supermajority and public consultation.
- Each version is digitally signed and recorded in the Schema Registry for auditability.
Operational Policies
- Daily operations are managed by the Secretariat, which executes board‑approved policies but cannot alter normative rules.
Transparency & Audit
- Public Change Log – Every schema or scoring update is documented with rationale, scope, decision process, and impact assessment.
- Annual Governance Report – Summarises board decisions, appeals statistics, regulator engagement, and audit outcomes.
- Independent Audit – External auditors verify that attestations and scoring criteria are applied consistently with fairness and privacy compliance.
- Algorithmic Fairness Review – Detects unintended bias in scoring or categorisation.
- Funding Transparency Report – Annual publication of all funding sources.
Legal & Jurisdictional Alignment
- Baseline: EU DSA + GDPR compliance as the strictest applicable standards.
- International Adaptation: Guidance notes clarify how attestations align with other frameworks (e.g. FTC in the US, OECD principles, UN/UNESCO digital governance).
- Regulator Liaison Committee: Standing subgroup to engage with international regulators and policy bodies.
Appeals
- User Appeals: Citizens may challenge attestations via their platform; outcomes must be logged in the Bureau.
- Platform Appeals: Platforms may contest severity scoring or categorisation; reviewed by an independent panel.
- Escalation Path: Unresolved disputes may be referred to competent regulators or the Regulator Liaison Committee.
- Appeal Outcomes Ledger: Maintains pseudonymous records of appeal resolutions for audit.
Disclosure Oversight Subcommittee
Purpose: Ensure that any regulator access to pseudonymous keys is lawful, proportionate, and threshold‑based (terrorism, CSAM, imminent threats). Dual authorisation is required, with emergency disclosures subject to retroactive review.
- Threshold‑based review: Requests are only considered for the highest‑severity categories (terrorism, CSAM, imminent physical threats).
- Dual authorisation: One legal expert and one technical officer must jointly approve each disclosure.
- Emergency pathway: In urgent cases, disclosures may be executed immediately, but must undergo retroactive review within 7 days.
- Transparency reporting: A quarterly aggregated log is published, showing counts by category, approvals, and rejections, without exposing identities.
- Scalability safeguard: If disclosure volumes materially increase, automated triage and sampling audits may be introduced, provided dual authorisation is preserved for high‑risk or ambiguous cases.
Ethical Charter
The Foundation commits to uphold the following principles in all operations:
- Privacy‑first accountability – The Bureau operates on pseudonymous attestations only. No personal identity is ever collected or exposed; regulator access to pseudonymous keys is strictly governed by lawful authority and oversight.
- Proportionality – Interventions scale with the severity of harm, ensuring responses are neither excessive nor inadequate.
- Due process – Attestations and scoring are auditable and reviewable by independent oversight, while platforms remain responsible for user appeals.
- Non‑discrimination – All data processing and scoring undergo fairness checks to prevent bias across demographics, geographies, or viewpoints.
Safeguards Against Capture
To preserve independence and prevent capture by any single stakeholder group, the Foundation embeds the following safeguards:
- Balanced Representation – No group holds a majority.
- Public interest review: Civil society may pause schema changes where credible human rights or privacy concerns arise.
- Independent oversight board: verifies disclosures, schema changes, and audits.
- Transparency of Process: All governance decisions, including vetoes and oversight reviews, are documented and published in quarterly reports.
Transparency & Reporting
The Foundation commits to proactive, transparent communication of its operations and impact:
- Quarterly Transparency Bulletin – Summarises ledger metrics, disclosure activity, and observed trends in a privacy‑preserving format.
- Annual State of Online Civility Report – Issued jointly with academic partners, providing governance performance analysis and emerging risk assessment.
- Open Data Portal – Provides aggregated, privacy‑preserving insights for researchers, policymakers, and civil society.
Future Evaluation
The Foundation is committed to independent evaluation of its impact on harm reduction. While the Bureau's immediate mandate is to provide privacy‑preserving accountability infrastructure, the Foundation will invite academic and civil society partners to assess whether operations measurably reduce online harms. Findings from such independent research will be published in full.
Technical Standards Principle
The Foundation is committed to aligning schema and cryptographic design with recognised open standards. Once the Bureau's core schema is stabilised, the Foundation will convene a Technical Standards Forum, chaired by the Board's Technical Representative, to publish RFC‑style proposals and invite public participation. This ensures transparency, interoperability, and continuous improvement, while safeguarding the Bureau's privacy‑preserving mission.
Crisis & Incident Response Protocol
In the event of high‑severity incidents (e.g. terrorism, CSAM, coordinated harassment), the Foundation will trigger a structured Incident Review Cycle to ensure rapid yet accountable response:
- Secretariat initiation of the review process.
- Technical Subcommittee verification of attestation integrity and system reliability.
- Regulator Liaison Committee coordination of lawful disclosures, consistent with the Ethical Charter.
- After‑Action Report published within 30 days, documenting the incident, the Bureau's response, and lessons learned.
This protocol ensures extraordinary events are handled with urgency, proportionality, and transparency.
