(Swiss private-law multilateral; EN controls; FR/DE companions may be issued. Cross-refs: ECT-1 (Nature), ECT-2 (Governance/CB Secretariat), ECT-3 (Interfaces), ECT-4 (Legal/Compliance), ECT-6 (Finance), ECT-7 (DR). “CB” = each Party’s non-executive Privy Council; “CSR” = Council System of Record; “CRE” = Council Register Extract.)
5.0 Principles, Scope, Definitions & Construction
5.0.1 Principles
(a) Public-interest first; lock-in last. IP and data terms must maximize safe re-use, reproducibility, and transparency while preventing vendor/donor capture (ECT-4.1).
(b) Risk-proportional controls. Tighter guardrails apply as stakes rise (privacy, safety, capital, geopolitics).
(c) Trust-minimized execution. Material acts require CB Pre-Clearance, CRE logging, and (where appropriate) Gazette summary with lawful redactions.
(d) Lawfulness & dignity. No term may compel unlawful processing or erode fundamental rights; Parties shall prefer privacy-preserving and safety-preserving technical designs.
5.0.2 Scope
This Article governs Background IP, Foreground IP, trademarks, standards participation, inbound/outbound licensing, data tiering and access, privacy and cross-border transfers, model/data governance, security & provenance, audits, and remedies for all ECT workstreams and artifacts (code, models/weights, datasets, documentation, designs, term sheets, dashboards).
5.0.3 Key Definitions
“Background IP”: IP owned/controlled by a Party independently of the ECT or developed outside ECT scope.
“Foreground IP”: IP first created within ECT work or derived primarily from ECT resources.
“Open Data (Tier-O)”: public, attribution-licensed data; privacy/safety cleared.
“Shared Data (Tier-S)”: restricted to Parties/accredited users under Data-Room Rules.
“Restricted Data (Tier-R)”: personal, confidential, controlled, or sensitive data; access via clean-rooms/need-to-know only.
“Model Risk Tiers”: L/M/H/S (Low/Medium/High/Safety-critical) classification set in ECT-T with corresponding validation, red-team, and release gates.
“Cards”: standardized Model Cards and Data Cards (intended use, limits, calibration, uncertainty, governance, licenses).
“FRAND”: fair, reasonable, and non-discriminatory licensing terms suitable for public-interest deployment.
5.0.4 Construction & Hierarchy
(a) Core Articles prevail over Annexes; later-dated Annexes supersede prior on the same topic.
(b) Where a Party’s internal rule is stricter, it prevails for that Party.
(c) EN controls; FR/DE companions may be issued (Art. 5.2 of GRF Bylaws).
5.1 Background & Foreground IP
5.1.1 Ownership Baseline
(a) Background IP remains with the owner; no implied licenses beyond those expressly granted.
(b) Foreground IP: ownership follows creator-controls unless a CB-cleared Workstream Charter or Joint Ownership & Exploitation Agreement (JOEA) provides joint ownership or assignments for specific artifacts.
(c) No assignment by conduct. Collaboration, co-branding, or hosting does not transfer ownership.
5.1.2 Inbound Contributions
(a) Contributor Terms. External contributions (code/models/data/docs) use CB-approved inbound licenses (e.g., CLA/DCO, permissive or weak-copyleft as mapped in ECT-I).
(b) Freedom-to-operate. Contributors warrant right to contribute, absence of undisclosed encumbrances, and provide provenance evidence (hashes, chain of custody) for CSR.
5.1.3 Outbound Licensing
(a) Public-good default. Foreground IP intended for public benefit is released under Open (Apache-2.0/MIT/BSD; CC-BY/ODC-BY for data/content) or FRAND per ECT-I.
(b) Commercial modules. Non-exclusive, non-transferrable licenses preserving: (i) ECT research/benchmark rights; (ii) anti-tethering (no forced exclusivity); (iii) safety/independence obligations; (iv) transparency of material restrictions.
(c) Sublicensing only as the outbound license allows; same independence/safety covenants must flow down.
5.1.4 Improvements, Derivatives & Grant-Backs
(a) Improvements to Background IP made under ECT belong to the improver; the originator receives a FRAND field-of-use grant-back for ECT purposes unless expressly waived.
(b) Derivatives of Open Foreground IP must carry forward licenses, attribution, and safety disclosures.
5.1.5 Trademarks & Attribution
(a) No implied trademark rights; nominative use only with accuracy and non-endorsement.
(b) Co-branding/lock-ups require ≥4/5 Joint Committee approval and CB conditions (ECT-4.1); text-only acknowledgment preferred.
5.1.6 Patents, Standards & SEPs
(a) Parties may seek patents over Foreground IP provided Open/FRAND commitments are honored for public-interest use.
(b) If Foreground IP becomes standards-essential, declared SEPs must be licensed on FRAND terms; declarations and licensing commitments are filed in CSR and sign-posted publicly where feasible.
5.1.7 Confidentiality & Publication Review
(a) Confidential Information is protected for 5 years from disclosure (or longer where law/license requires).
(b) Publication review window: 10 Business Days for CB/Legal/Privacy/Export checks (extendable on legal necessity). Silence within the window constitutes approval unless safety/privacy flags exist.
(c) Pre-publication safety check is mandatory for Tier H/S models or data (ECT-T).
5.2 Data Licensing; Open/Shared/Restricted Tiers
5.2.1 Tiering, Access & Examples
(a) Tier-O (Open): climate rasters, anonymized hazard indices, codebooks; ODC-BY/CC-BY; attribution + provenance.
(b) Tier-S (Shared): administrative microdata, partner feeds, in-situ sensor streams; licensed via Data-Room Rules (click-through or bespoke).
(c) Tier-R (Restricted): personal data, commercially sensitive, export-controlled, or safety-critical; access via VDR/clean-room, need-to-know, time-boxed keys; dual approval (Data Steward + CB note).
5.2.2 Licensing & Use Conditions
(a) Approved license catalog in ECT-D; deviations require CB Pre-Clearance.
(b) Attribution & citation: dataset DOI/handle + CRE reference.
(c) Prohibitions: de-anonymization, re-identification attempts, scraping outside license bounds, prohibited jurisdictions/end-uses (ECT-4.4).
(d) Derivatives must include updated Data Cards, lineage, and license continuity.
5.2.3 Versioning, Provenance & Quality
(a) Semantic versioning & immutable hashes for each release; changelogs in CSR.
(b) Data Cards: sources, methods, QA/QC, uncertainty, limits, license, restrictions, contacts.
(c) Lineage tracking across ETL; reproducibility receipts; periodic drift monitoring with thresholds and remediation workflow.
5.2.4 Access Governance & Audit
(a) Join/leave controls; quarterly access recertification; revocation ≤24h from status change.
(b) ABAC/RBAC, PAM for admins; dual-control for exports; immutable admin logs.
(c) Audit trails retained ≥10 years (or stricter law/license). Sampling and anomaly alerts are mandatory for Tier-R.
5.2.5 Clean-Rooms & Federated Techniques
(a) Clean-rooms enforce policy-based joins, k-anonymity/DP disclosure controls, and query auditing.
(b) Privacy-preserving methods (pseudonymization, DP, secure enclaves/TEEs, federated learning) are used where feasible and proportionate.
5.3 Privacy & Data Transfers (FADP/GDPR/UK GDPR)
5.3.1 Roles, DPAs & Sub-processors
(a) For each flow, Parties map controller/processor/joint-controller roles in ECT-P.
(b) Standard DPA terms (purpose, instructions, security, breach, sub-processing) are mandatory; sub-processors require prior written authorization, security equivalence, and CSR listing.
5.3.2 Lawful Bases & Special Categories
(a) Lawful bases (public-interest/legitimate-interest/consent/contract) are recorded in Data Cards and ECT-P.
(b) Special-category data (health, biometrics, etc.) requires explicit legal basis, minimization, and heightened controls; child-related processing receives additional safeguards.
5.3.3 DPIA, TIAs & Cross-Border
(a) DPIA is required for high-risk processing; mitigations tracked to closure.
(b) Cross-border: SCCs (EU 2021) + TIAs; UK IDTA/Addendum if applicable; Swiss FADP adequacy checks; supplementary measures (encryption, key split, access minimization) where adequacy is absent.
(c) Deemed exports treated per ECT-4.4.
5.3.4 Data Subject Rights (DSARs) & Transparency
(a) Lead DPO coordination; identity verification; response within statutory timelines; complex multi-Party requests use a one-stop mechanism.
(b) Privacy notices: layered, plain language on portals and artifact pages; link to CRE for transparency.
5.3.5 Breach Notification & Handling
(a) Internal notice to Parties ≤24h of discovery; regulator notices per law (generally ≤72h); data subjects informed where risk warrants.
(b) Post-incident report (cause, scope, remedy) filed in CSR; Gazette summary with lawful redactions.
(c) Legal holds applied immediately; evidence preserved under privilege.
5.3.6 Retention & Deletion
(a) Purpose-bound retention schedules in ECT-P; default minimization.
(b) Deletion/return at end of processing; cryptographic erasure; archival exceptions documented with legal basis and review cadence.
5.4 Security, Model Governance & Provenance
5.4.1 Baseline Security Controls
(a) Frameworks: ISO/IEC 27001/27002 (or equivalent), 27017/27018 for cloud/privacy; SOC 2 acceptable; CIS benchmarks for hardening.
(b) Identity: SSO+MFA; ABAC/RBAC; PAM for admin; JIT elevation.
(c) Crypto: TLS in transit; AES-class at rest; keys in HSM/secured modules; rotation policies; split-knowledge for Tier-R.
(d) Vuln mgmt: P0 patch ≤24h; P1 ≤7d; quarterly scans; annual pen-test; red-team for Tier H/S.
(e) Resilience: encrypted backups; tested DR/BCP with defined RTO/RPO; tamper-evident (WORM) logs and SIEM integration.
(f) Vendor security: due diligence (Bylaw 7; ECT-4.3), contract controls, right to audit, breach-notice covenants.
5.4.2 Model Governance (Tiered)
(a) Tier L/M: basic validation, overfitting checks, uncertainty reporting.
(b) Tier H: independent validation; Model Card with calibration (e.g., Brier/CRPS), fairness/error analysis; rollback plan.
(c) Tier S (Safety-critical): dual validation (internal + external), red-team report, human-in-the-loop where feasible, kill-switch, AIA (Algorithmic Impact Assessment) filed; CB Pre-Clearance required for release or deployment.
(d) No black-box deployment in Tier H/S; interpretability commensurate with risk.
5.4.3 Supply Chain & Software Integrity
(a) SBOM for released software/models; license compliance scanning; dependency risk tracking.
(b) Build integrity: signed builds, reproducible pipelines, artifact hashing, four-eyes promotion, release attestations.
5.4.4 Provenance, Authenticity & Watermarking
(a) Provenance chain: cryptographic hashes, timestamps, authorship, CRE references for data/models/reports.
(b) C2PA-style authenticity or equivalent for public artifacts; watermarking or signature of model artifacts; dataset tamper/poisoning checks with quarantine workflow.
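One way to represent the release provenance chain required by 5.2.3(a) and 5.4.4(a) (immutable artifact hashes, timestamps, authorship and CRE references, each register entry bound to its predecessor so that a later edit of any entry is detectable), as an added Python example that is not part of the ECT, its annexes or any Party's tooling; the record fields, the hazard-index releases and the CRE reference values are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace

GENESIS = "0" * 64  # link value carried by the first record of a chain

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class ProvenanceRecord:
    artifact: str
    version: str           # semantic version of the release (5.2.3(a))
    artifact_hash: str     # sha256 of the released bytes: the immutable hash
    timestamp: str         # ISO-8601 UTC
    author: str
    cre_ref: str           # Council Register Extract reference (constructed values below)
    prev_record_hash: str  # hash of the preceding record, GENESIS for the first

    def record_hash(self) -> str:
        # Canonical JSON so the hash does not depend on field order or whitespace.
        return sha256_hex(json.dumps(asdict(self), sort_keys=True, separators=(",", ":")).encode())

def append_release(chain, artifact, version, content, timestamp, author, cre_ref):
    prev = chain[-1].record_hash() if chain else GENESIS
    rec = ProvenanceRecord(artifact, version, sha256_hex(content), timestamp, author, cre_ref, prev)
    return chain + [rec]

def verify_chain(chain, held):
    """held maps (artifact, version) -> bytes currently on disk; returns findings ([] means clean)."""
    findings, expected_prev = [], GENESIS
    for i, rec in enumerate(chain):
        if rec.prev_record_hash != expected_prev:
            findings.append(f"record {i}: link broken (predecessor altered or missing)")
        content = held.get((rec.artifact, rec.version))
        if content is None:
            findings.append(f"record {i}: artifact missing")
        elif sha256_hex(content) != rec.artifact_hash:
            findings.append(f"record {i}: artifact hash mismatch")
        expected_prev = rec.record_hash()  # every later record is bound to this exact content
    return findings

SAMPLE_V1 = b"cell,hazard_index\nA1,0.31\nA2,0.47\n"  # constructed release 1.0.0 of a hypothetical Tier-O index
SAMPLE_V2 = b"cell,hazard_index\nA1,0.33\nA2,0.47\n"  # constructed release 1.1.0 (cell A1 recalibrated)

def sample_chain():
    chain = append_release([], "hazard-index", "1.0.0", SAMPLE_V1, "2025-01-15T09:00:00Z", "Party A Data Steward", "CRE-EXAMPLE-0001")
    return append_release(chain, "hazard-index", "1.1.0", SAMPLE_V2, "2025-03-02T10:30:00Z", "Party A Data Steward", "CRE-EXAMPLE-0002")

def tampered_copy(chain, index, **changes):
    # Simulates an after-the-fact edit of one register entry; verify_chain must flag the next link.
    return chain[:index] + [replace(chain[index], **changes)] + chain[index + 1:]
```

In practice the record hashes would additionally be signed or timestamped by the CSR so that the chain head itself cannot be silently replaced.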
5.5 Compliance, Audit, Enforcement & Remedies
5.5.1 CB Clearance & Registers (Mandatory)
(a) The following acts are Material and require CB Pre-Clearance and CRE logging: public releases of Foreground IP; Tier changes (O→S→R); Tier H/S model deployments; cross-border data transfers without adequacy; contractual indemnities beyond templates; FRAND/SEP commitments; escrow/custody arrangements for DRF rails; any deviation from approved licenses.
(b) Standing Clearances may be issued for templated, low-risk repetitions (subject to periodic re-validation).
5.5.2 Audit & Access
(a) Each Party keeps accurate, complete records of IP/data security, access logs, and compliance for ≥10 years (or stricter law/license).
(b) Upon reasonable notice, Parties may audit each other’s ECT-scoped controls (desk review or on-site), respecting confidentiality and export/privacy limits; findings and remediation plans are filed in CSR.
5.5.3 Violations & Cure
(a) Cure notice: 30 days (shorter for safety/privacy/export breaches).
(b) Remedies (without prejudice to law): suspension of access; license termination for cause; injunctive relief; destruction/return of Restricted Data; clawback of improper gains; public corrigendum in Gazette; referral to competent authorities where required.
(c) Proportionality: remedies scaled to risk and intent; inadvertent, promptly cured breaches may be resolved by undertakings and audits.
5.5.4 Warranties, Disclaimers & Liability
(a) Each Party warrants authority to license its Background/Foreground IP and to comply with law.
(b) No warranty of fitness for external re-use unless expressly stated; Parties disclose known limitations in Cards.
(c) Liability caps for non-intentional breaches may be set in ECT-L (Liability & Remedies Annex) except for wilful misconduct, unlawful intent, or statutory liabilities.
(d) Indemnities: where agreed in a CB-cleared instrument, indemnities are limited, back-to-back with insurance, and exclude indirect or consequential loss unless mandated by law.
5.5.5 Termination & Survival
(a) On exit or suspension (ECT-7.2), access to Tier-S/R data and unpublished artifacts ceases immediately; Open artifacts remain as licensed.
(b) Duties on confidentiality, privacy, export controls, attribution, and audit rights survive for the longer of 5 years or the period required by law/license.
5.6 Annexes (Normative; maintained by Joint Committee)
- ECT-I — IP & Licensing Schedule: inbound/outbound templates; Open/FRAND mappings; JOEA models; SEP/FRAND policy.
- ECT-D — Data Tiering & Licenses: license catalog; Data-Room Rules; sample Tier transitions; lineage patterns.
- ECT-P — Data Processing & Privacy Schedules: role maps; DPA; ROPA; retention tables; DPIA/TIA templates; DSAR SOP.
- ECT-T — Model/Data Governance & Red-Team: tier definitions; validation metrics; AIA template; release gates.
- ECT-V — Valuation of In-Kind: auditable valuation methods; evidence packs; review cycle.
- ECT-R — Revenue-Share & Facilitation Rules: classes, splits, reserves for public-good maintenance.
- ECT-S — Security Baseline & Vendor Controls: identity, crypto, patch SLAs, DR/BCP, vendor DD, pen-test cadence.
- ECT-L — Liability, Indemnity & Remedies: caps, exclusions, defense/settlement control, insurance back-to-back.
Design result: A Swiss-grade, future-proof framework that keeps IP and data open where safe, restricted where necessary, and provably governed—with clear ownership, licensing, privacy, security, provenance, audits, and enforceable remedies so ECT cooperation scales lawfully, independently, and credibly.