Skip to content
STATUS DRAFT · LCS v1.0.0 · built in the open, contributors wanted open a PR →

Introducing LLMConsent

AI systems are trained on us, learn from us, and increasingly act for us, and there is still no shared way to ask permission, prove it was given, or pay it back. Today we are opening up LLMConsent, an attempt to fix that as a protocol rather than a product.

PublishedSeptember 15, 2025BySubhadip MitraTagsannouncement

For the last two years the conversation about AI and data has been stuck in the same loop. A model ships. Someone notices their work is in it. A lawsuit gets filed, or a company adds an opt-out form that almost nobody finds, and everyone moves on until the next model ships. Nothing about the underlying machinery changes, because there is no underlying machinery. There is no agreed way for a person to say “yes, you can use this, under these terms” and for a system to check that answer before it acts.

That gap is what we are trying to close. Today we are releasing the first draft of LLMConsent, an open protocol for consent between humans and AI systems.

Why this is a protocol, not a product

The instinct most people have is to build a product. A consent dashboard, a licensing marketplace, a “data union” with a slick app. We think that instinct is wrong, or at least incomplete, and it is worth saying why up front.

A product governs whoever uses that product. If one company builds the best consent tool in the world, it still only covers the data flowing through that one company. The moment your data crosses into a different model, a different vendor, a different jurisdiction, the rules reset to zero. Consent that cannot travel with the data is not really consent. It is a setting on someone else’s server.

The things that actually solved this class of problem on the internet were not products. They were agreements. TCP/IP is an agreement about how to move packets. HTTP is an agreement about how to move documents. TLS is an agreement about how to do it without everyone watching. None of them are owned. Their value came precisely from the fact that everyone could implement them and nobody could revoke them.

AI is missing an agreement of that kind, and the missing one is about consent. Who is allowed to use what, for which purpose, for how long, and at what price. LLMConsent is our proposal for that agreement.

What it actually is

LLMConsent is a set of open standards. The core of it is a consent token: a signed, checkable statement that scopes how a piece of data or a person’s digital representation may be used. Train on it or do not. Run inference with it or do not. Let an agent act on it or do not. Bound how much any single source can influence a model. Set an expiry. Attach a price. Revoke it later if you change your mind.

There are four core standards in this first release.

  • LCS-001 defines the consent token itself and the grant, check, and revoke lifecycle that everything else is built on.
  • LCS-002 describes a digital twin, a persistent, user owned model that AI systems can reference with permission instead of each one rebuilding a private profile of you from scratch.
  • LCS-003 covers agent permissions: what an autonomous agent is allowed to do on your behalf, with spending limits, rate limits, delegation rules, and an audit trail.
  • LCS-004 handles memory shared across agents, so context can follow you between systems without you losing control of what gets remembered.

They build on each other in that order. You can read all four today. They are drafts, and they will change, and that is the point.

What it is not

Because of the company this protocol keeps, a few clarifications are worth making plainly.

This is not a token, a coin, or an investment of any kind. There is nothing to buy. The protocol uses cryptography because consent needs to be verifiable and signatures are how you verify things, but the goal is consent management, not speculation.

This is not a single company’s API with an open-source sticker on it. There are no admin keys. No one, including us, can freeze, seize, or quietly rewrite someone’s consent. If the project succeeds, it should outlive any of its current maintainers, the same way HTTP outlived the people who first wrote it down.

And it is not finished. The standards are early. The reference SDKs are mostly unwritten. We are publishing now, in this state, on purpose, because a standard written behind closed doors and revealed as a finished thing is not a standard. It is a press release. We would rather get the hard questions early.

On licensing

The code is under MIT. The standards and documentation are under CC BY 4.0. The split is deliberate. Implementations should be as easy to build on as possible, and specifications should be free to quote, translate, and fork as long as the attribution stays intact. Nobody should have to ask us for permission to implement a protocol whose entire purpose is permission.

How it is governed

The process is modeled on the ones that built the open internet: the IETF’s RFC process, the W3C, and the BIP and EIP improvement-proposal traditions. Anyone can propose a standard. Proposals are reviewed in public. Things move forward by rough consensus and working code, not by a vote we control. Accepted standards become immutable, and changing one means writing a new proposal that supersedes it, with the reasoning on the record.

We are in the bootstrap phase, and we are honest about what that means. Right now there is a small group doing the early work, and a founding maintainer with a tie-breaking vote that is meant to sunset. The plan is to give that power away as the community grows, not to accumulate it.

What we are asking for

If you have read this far, you are probably the kind of person we need.

Read LCS-001 and tell us where it is wrong. Try to implement a piece of it and tell us where the spec is ambiguous or impossible. Build an SDK in a language we have not covered. Open a proposal for the standard we forgot. Argue with us in the open.

The questions in front of us are genuinely unsolved. How do you attribute a model’s behavior back to the data that shaped it, and how much of that is even possible? How should compensation work when influence is diffuse? What does consent mean for an agent that acts in real time rather than a model trained once? We do not have clean answers to all of these. We have a structure to work them out in, and an insistence that the work happen in public.

This is the ground floor. Come build it with us.

The specs are on GitHub. Conversation happens on Discord. And if you just want to follow along, the email list is at the bottom of this page.

Want the next one in your inbox? Occasional updates, no spam.