Key Takeaways
- Consent must be machine-readable for agents to respect it automatically
- Attribution is recorded in receipts, creating verifiable credit chains
- AIPREF (aipref.json) lets sites declare AI interaction preferences
- Proper consent + attribution protects both content owners and AI operators
The Problem
The web was built for humans browsing with web browsers. Terms of service are written in legal English. robots.txt was designed for search engine crawlers, not AI agents that consume and transform content.
This creates two problems:
- Content owners can't express preferences that agents understand - “training: no, RAG: yes, summary: yes with attribution” isn't something robots.txt supports.
- Agents can't prove compliance - even well-intentioned AI systems have no way to demonstrate they respected consent or provided proper attribution.
Machine-Readable Consent
Machine-readable consent means expressing permissions in formats that agents can parse and act on automatically. Key formats include:
AIPREF (aipref.json)
A JSON file at /.well-known/aipref.json that declares AI interaction preferences - training permissions, RAG access, summarization rights, required attribution, and pricing.
peac.txt
The PEAC policy file at /.well-known/peac.txt references aipref.json and adds payment requirements, receipt verification endpoints, and public keys.
HTTP Headers
Per-request consent can be signaled via headers, allowing dynamic permissions based on the requesting agent's identity or payment status.
Attribution in Practice
Attribution answers: “Where did this come from?” In agentic systems, this is captured through:
Source Recording
Receipts record the exact resource URL, timestamp, and content hash of accessed material.
Credit Chains
When Agent B uses output from Agent A, the receipt chain traces back to original sources.
License Compliance
Attribution requirements from AIPREF are embedded in receipts as verifiable commitments.
Payment Proof
When attribution includes compensation, payment evidence is cryptographically linked.
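To make source recording and credit chains concrete, the Python below is an added example, not Originary's, AIPREF's or PEAC's own code or schema. It checks a purpose against declared preferences, issues a receipt with URL, timestamp and content hash, and walks a chain back to the original source. All field names and URLs are assumptions, and plain SHA-256 hash links stand in for the signatures a real receipt would carry.

```python
import hashlib
import json

# Constructed preferences for the page's "training: no, RAG: yes, summary: yes
# with attribution" case. Key names are hypothetical, not the AIPREF schema.
PREFS = {"training": {"allow": False}, "rag": {"allow": True},
         "summary": {"allow": True, "attribution": True}}

def check_consent(prefs, purpose):
    """Return (allowed, attribution_required); undeclared purposes are denied."""
    rule = prefs.get(purpose, {})
    return bool(rule.get("allow")), bool(rule.get("attribution"))

def digest(obj):
    """SHA-256 over canonical JSON, so changing any field changes the hash."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def make_receipt(url, content, purpose, timestamp, prefs, parent=None):
    """Record URL, timestamp and content hash; link to the parent receipt if any."""
    allowed, attribution = check_consent(prefs, purpose)
    if not allowed:
        raise PermissionError(f"{purpose} not permitted for {url}")
    body = {"url": url, "timestamp": timestamp, "purpose": purpose,
            "content_sha256": hashlib.sha256(content).hexdigest(),
            "attribution_required": attribution,
            "parent": parent["id"] if parent else None}
    return {**body, "id": digest(body)}  # hypothetical receipt layout

def trace_sources(receipt, store):
    """Walk parent links back to the original source, re-checking each receipt id."""
    chain = []
    while receipt is not None:
        body = {k: v for k, v in receipt.items() if k != "id"}
        if digest(body) != receipt["id"]:
            raise ValueError(f"receipt for {receipt['url']} was altered")
        chain.append(receipt["url"])
        receipt = store[receipt["parent"]] if receipt["parent"] else None
    return chain

if __name__ == "__main__":
    # Constructed sample: Agent A summarizes a page, Agent B reuses A's output.
    a = make_receipt("https://example.com/article", b"original text",
                     "summary", "2025-01-01T00:00:00Z", PREFS)
    b = make_receipt("https://agent-a.example/summary/1", b"summary text",
                     "rag", "2025-01-01T00:05:00Z", PREFS, parent=a)
    print(trace_sources(b, {a["id"]: a, b["id"]: b}))
```

Because each receipt id covers the parent id, editing any receipt in the chain is detected when the chain is traced.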
Standards & Protocols
The consent and attribution ecosystem includes several complementary standards:
- AIPREF - AI preferences standard for declaring training, RAG, and usage permissions
- PEAC Protocol - Policy discovery and verifiable receipts for agent interactions
- C2PA - Content provenance standard for media authenticity and attribution
- robots.txt - Legacy crawler control - still useful but insufficient for AI agents
Implementation
Get started with consent and attribution using Originary's tools: