Neutrality & governance

TrustMCP is an open standard, not a product of any single company.

1. Open license. The spec, JSON Schemas, and reference implementations are Apache-2.0. Anyone may implement, host, fork, or extend them.
2. No verdict in the network. The network shares raw, current evidence and verifies identity + domain ownership. It never scores, rates, or certifies vendor quality.
3. No preferential access. No member gets privileged access to another member's evidence. Access is governed solely by the publishing vendor's grants.
4. Portability. Profiles are plain JSON behind a documented API; vendors can move between operators and customers can switch tools. No lock-in.
5. Multiple implementations welcome. The reference network and MCP server are starting points, not the only option.

The consortium

TrustMCP is intended to be stewarded by a neutral non-profit with a low-cost or no-cost path to participation:

• Publisher (vendors) - free; verified after domain verification.
• Consumer (customers / GRC tools) - free.
• Steward - funding members who govern the standard.
• Operator - entities running an accredited network node.

The governance drafts (charter, mark policy, membership, neutrality) live in the governance/ directory.