Open Safety Signal Protocol (OSSP)

Vendor-neutral standard for AI safety telemetry built on CloudEvents

Contents

Overview

The Open Safety Signal Protocol (OSSP) defines how AI systems emit governance, safety, and risk signals. OSSP is built on CloudEvents 1.0 for transport with AI-specific schemas designed for compliance with EU AI Act, NIST RMF, and ISO 42001.

Key Features

  • CloudEvents 1.0 structured JSON over HTTP
  • JSON Schema 2020-12 validation
  • AI-specific event types and data schemas
  • OTLP mapping for observability platforms
  • W3C Trace Context propagation
  • Vendor-neutral governance model
Neutrality Pledge: OSSP will be donated to a neutral foundation (CNCF or LF AI & Data) within 12-18 months of v1.0 release.

Quick Start

Installation

pip install ossp-sdk

Basic Usage

from ossp_sdk.client import OSSPClient

client = OSSPClient(
    source_uri="urn:app:my-ai-system",
    collector_endpoint="https://collector.example.com"
)

client.emit(
    event_type="ai.safety.guardrail.interaction",
    resource={"model_id": "gpt-4o", "environment": "prod"},
    data={"action_taken": "block", "reason": "PII detected"}
)

Event Types

OSSP defines six core event types for AI safety telemetry:

ai.safety.guardrail.interaction

Guardrail activations, blocks, warnings, and policy enforcement actions.

Fields: action_taken, severity, guardrail_id, reason

ai.performance.drift.detected

Model performance degradation and drift detection signals.

Fields: metric_name, threshold, current_value, drift_type

ai.governance.lifecycle.change

Model deployment, version changes, and governance milestones.

Fields: stage, previous_stage, change_reason, approver

ai.security.abuse.attempt

Prompt injection, jailbreak attempts, and security violations.

Fields: vector, detector_id, confidence, sample_id

ai.safety.policy.violation

Policy violations and compliance infractions with approval workflows.

Fields: policy_id, violation_type, decision, approver

ai.dataset.access

Training and inference dataset access patterns and usage tracking.

Fields: dataset_id, access_type, purpose, user_id

Example Event

All OSSP events are CloudEvents with AI-specific data schemas:

{
  "specversion": "1.0",
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "source": "urn:app:credit-scoring-prod",
  "type": "ai.safety.guardrail.interaction",
  "time": "2025-09-18T14:23:54Z",
  "subject": "urn:model:gpt-4o",
  "datacontenttype": "application/json",
  "dataschema": "https://ossp.io/schema/v1.0.0/ai.safety.guardrail.interaction.schema.json",
  "data": {
    "resource": {
      "model_id": "gpt-4o",
      "environment": "production",
      "model_version": "2025-09-01.3"
    },
    "action_taken": "block",
    "reason": "Detected PII leakage",
    "severity": "high",
    "guardrail_id": "pii-filter-v2"
  }
}

Conformance

OSSP defines two conformance levels:

Level A - Basic Compliance

  • CloudEvents 1.0 structured JSON over HTTP (Content-Type: application/cloudevents+json; charset=utf-8)
  • CloudEvent envelope datacontenttype MUST be application/json
  • dataschema MUST point to the correct per-type JSON Schema
  • Payload MUST validate against the referenced schema

Level B - Full Observability

  • All Level A requirements
  • OTLP mapping implemented (HTTP /v1/logs)
  • W3C Trace Context propagated when present
Note: Vendors MUST document their conformance level and list any extensions.

Resources

Specification

Complete technical specification with schemas and conformance requirements.

Read Spec

Python SDK

CloudEvents-first SDK with retry logic, validation, and trace context support.

View Docs

Community

Working group governance, contribution guidelines, and neutrality pledge.

Join WG

GitHub

Source code, schemas, examples, and issue tracking.

View Repos

Schemas

JSON Schema 2020-12 definitions for all event types.

Browse Schemas

Examples

Sample events and integration patterns for each schema type.

View Examples