Legal Context Protocol

Trust in Depth

The conceptual framework: Identity, Trust, and the Legal Foundations of Agentic Commerce

Trust in Depth is the conceptual framework motivating the Legal Context Protocol. Proposed by David Fisher (CEO, Integra Ledger) and Bridget McCormack (CEO, American Arbitration Association), it applies the defense-in-depth principle from military strategy and cybersecurity to the emerging problem of autonomous agents entering commerce without the infrastructure to connect their actions to law.

The full white paper — "Identity, Trust, and the Legal Foundations of Agentic Commerce" — provides the complete treatment. This page summarizes the framework.


The Four Layers

No single identity verification, no single attestation, no single legal framework needs to be complete. Each layer has known weaknesses. But in combination, the layers create a trust architecture that is resilient, proportional, and resistant to the attacks that break single-layer systems.

Layer 1: Human Identity

Is there a real human at the base of this chain of agency? Zero-knowledge proofs derived from government-issued credentials (e.g., mobile driver's license) establish that a verified human exists without exposing personal data. The verification persists across interactions, platforms, and time.

Layer 2: Entity Attestation

Is the organization real and verifiable? Entity identity flows through institutional credential chains — GLEIF vLEI for high assurance, DNS verification for lower assurance. The framework makes the assurance level explicit and auditable. A procurement team might accept DNS-level assurance for a $500 supply order. For a $185,000 medical device, the visible gap is a signal worth considering.

Layer 3: Agreement Integrity

Is the agreement tied to a legal framework? This is the layer the LCP standard directly addresses. Jurisdiction, terms, temporal obligations, evidentiary integrity, and intent — all discoverable, verifiable, and anchored to infrastructure that neither party controls. The /.well-known/legal-context.json convention makes agreement integrity discoverable; the levels of trust determine how strong the integrity guarantee is.

Layer 4: Agent Authorization

Does this agent have bounded authority for this specific action? Agent authorization credentials define scope — specific counterparties, specific products, maximum values, time windows. The constraints are cryptographically bound to the agent's credential. If an agent attempts to exceed its mandate, the violation is detectable at every layer of the stack.
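
The scope check described in Layer 4, as an added example that is not taken from the white paper or the LCP standard: a verifier confirms the mandate is still bound to its credential, then tests a proposed action against counterparty, product, maximum value, and time window. The field names, the sample mandate, and the key are constructed for illustration, and an HMAC tag stands in for the issuer's signature so the code needs only the Python standard library.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Constructed demo key. HMAC is a stand-in for the issuer's signature;
# the page does not specify a credential format or signature scheme.
ISSUER_KEY = b"constructed-demo-key"

def canonical(mandate):
    # Stable byte encoding so the same mandate always yields the same tag.
    return json.dumps(mandate, sort_keys=True, separators=(",", ":")).encode()

def issue(mandate):
    tag = hmac.new(ISSUER_KEY, canonical(mandate), hashlib.sha256).hexdigest()
    return {"mandate": mandate, "tag": tag}

def check_action(credential, action, now):
    """Return a list of violations; an empty list means the action is in scope."""
    mandate = credential["mandate"]
    expected = hmac.new(ISSUER_KEY, canonical(mandate), hashlib.sha256).hexdigest()
    # If the constraints were edited after issuance, nothing else is trusted.
    if not hmac.compare_digest(expected, credential.get("tag", "")):
        return ["binding: mandate does not match its tag"]
    violations = []
    if action["counterparty"] not in mandate["counterparties"]:
        violations.append("counterparty not in scope")
    if action["product"] not in mandate["products"]:
        violations.append("product not in scope")
    if action["value"] > mandate["max_value"]:
        violations.append("value exceeds maximum")
    start = datetime.fromisoformat(mandate["not_before"])
    end = datetime.fromisoformat(mandate["not_after"])
    if not (start <= now <= end):
        violations.append("outside time window")
    return violations

# Constructed sample mandate (hypothetical field names and values).
SAMPLE = issue({
    "counterparties": ["supplier.example"],
    "products": ["SKU-100"],
    "max_value": 500,
    "not_before": "2025-01-01T00:00:00+00:00",
    "not_after": "2025-01-31T23:59:59+00:00",
})
```

Returning every violation rather than stopping at the first gives an audit log the full picture of how far an action fell outside the mandate.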


What the Composition Achieves

The cost of attacking a layered system grows multiplicatively, not additively. Remove any single layer and the outcome changes:

  • Without human identity, an adversary claims any software process as "authorized"
  • Without entity attestation, a counterparty claims an employee had no authority
  • Without agreement integrity, each party presents its own version of the terms
  • Without agent authorization, the agent's scope is unbounded and unverifiable

Each layer contributes something that no other layer provides. The composition of all four creates an outcome that none could achieve alone.


Design Principles

Three principles govern every design decision in the Trust in Depth framework.

Built with Institutions, Not Against Them

The legal system is not an obstacle to be disrupted but the infrastructure that makes commerce possible. The American Arbitration Association has administered commercial disputes for a century. GLEIF provides the global standard for legal entity identification. The New York Convention ensures arbitral awards are enforceable in over 170 countries. Trust in Depth incorporates these institutions by design.

Open, Not Owned

The protocol defines what questions must be answered about identity, terms, and authorization. It does not mandate who answers them or how. Any identity provider, any storage mechanism, any dispute resolution forum can participate. The LCP standard embodies this principle: /.well-known/legal-context.json is an open convention that any web server can implement.

Proportional, Not Maximal

A $20 API call and a $5M contract do not need the same infrastructure. Level 1 (informational) is sufficient for low-value, high-volume transactions. Level 4 (integrated) exists for complex, high-value agreements. The framework scales to the transaction, not the other way around.


Code (Alone) Is Not Law

The history of trust in commerce is a story of identity progressively detaching from the individual — from the physical signature, through electronic signatures and PKI, to blockchain wallets, until AI agents severed the connection entirely.

Smart contracts compound the problem by conflating execution with agreement. Code is an extraordinarily reliable execution layer. But execution is not agreement. Agreement requires identity, consent, terms, jurisdiction, and recourse. Code provides none of these.

This is not an argument against smart contracts. It is an argument for recognizing what they are and what they are not. The LCP standard provides the legal context layer that code-based execution cannot.


The LCP Standard

The white paper provides the why. The LCP standard provides the what — the practical instrument for making legal context discoverable. See The Standard for the normative specification.