Eligibility & Appeals — Government
Eligibility and enforcement decisionsthat survive challenge months later.
Appeals, tribunals, oversight, and information requests don't judge your case system. They judge what you can prove was authorised within scope at decision time — and whether reliance stops when conditions change.
No Stamp → No Ship for eligibility and enforcement decisions.
- Appeal-ready by design: a Status Link verifiers can check outside the case system
- Reason-codes + scope that don't require exposing internal systems or personal data
- Refresh when policy/guidance/evidence changes; WITHDRAWN stops reliance wherever checked
- Ships with two artefacts: Status Link (authoritative now) + Evidence Pack (IDA format) (decision-time snapshot)
Fail-closed•Append-only•Scope-bounded
Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.
Why government buyers are moving now
Contestability pressure, policy drift, budget scrutiny, and AI governance expectations are converging.
Appeals and review pressure
High-impact decisions are challenged months later. Teams need decision-time proof that survives scrutiny.
Policy drift risk
Rules and guidance change. Old decisions must stop being relied on silently.
Oversight intensity
Audit, ombuds, tribunal, and information-request scrutiny requires checkable evidence, not narrative-only files.
Budget accountability
Programmes are expected to prove control effectiveness and value quickly, without replacing core systems.
Multi-vendor AI reality
Model, vendor, and workflow changes create hidden reliance risk unless verification is scope-bounded and revocable.
Public trust and scrutiny
When decisions affect people, trust depends on whether governance can be verified externally.
Good Proof supports verifiable governance evidence across changing policy, tooling, and oversight conditions. It does not certify legal compliance or decision correctness.
What a Stamp proves (and what it doesn't)
Proves (within lane scope)
- Decision class + outcome (approve/deny/grant/revoke/flag/appeal outcome)
- Decision-time timestamp
- Signer/authority reference
- Scope boundaries + expiry window
- Validity state (VALID / NEEDS REFRESH / WITHDRAWN / NOT VERIFIED)
- Evidence window for challenge/review
Does not prove
- Underlying truth of the case
- Outcome correctness
- Certification or regulatory compliance
- Personal data contents by default
In challenges: Status Link = reliance state now. Evidence Pack = fileable snapshot for the decision-time record.
Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.
Integration in 3 touchpoints
1
Issue
At decision issuance (approve/deny/grant/revoke/flag/escalate) → require a Stamp.
2
Notify
In notices, packets, tickets, and correspondence → include the Status Link.
3
Rely
At payment/enforcement/continued restriction/transfer → verify Status Link (fail-closed).
High-impact gating only. Everything else runs normally.
What an external reviewer actually does
- • Checks the Status Link
- • Sees current validity state + scope boundaries
- • If not VALID → reliance is blocked or escalated per runbook
- • Requests Evidence Pack with programme-configured redaction
- • Files challenge/review using decision-time snapshot + current state
Budget-safe adoption path
Start with one lane, prove control value, then scale.
Phase 1
30-day lane sprint
One high-impact decision class. Configure scope boundaries, evidence window, and status triggers. Prove verifier workflow outside the case system.
Phase 2
Control expansion
Extend to adjacent decision classes and exception lanes. Standardise runbooks for refresh/withdraw and escalation handling.
Phase 3
Cross-programme rollout
Apply shared verifier patterns, redaction matrices, and governance controls across departments and suppliers.
Designed for phased procurement and programme-level governance, not monolithic transformation.
Why now
Contestability + public transparency
Rising expectations for explainability and recourse for algorithm-assisted decisions across jurisdictions.
Oversight + FOI pressure
Increasing scrutiny from auditors, ombuds, tribunals, and information requests — with vendor accountability expectations.
Drift control
When policy, guidance, or tools change, old decisions continue to be relied on. Refresh/withdraw semantics prevent silent drift.
Good Proof doesn't decide outcomes; it makes governance verifiable at the moment it mattered — and reliance withdrawable when conditions change.
This is built for multi-vendor reality: policy changes, model updates, and evidence updates can't silently invalidate decisions.
FOI-safe by design
Proof ≠ payloads
Minimal disclosure by default
Evidence Pack with configurable redaction matrix
External verifiers don't need case-system access
Evidence Pack can be configured to disclose only what is necessary for the verifier's role
Global Coverage
Regulatory reality
No hype, no compliance claims — Public bodies are being pushed toward decision transparency, contestability, and defensible record-keeping.
EU
Contestability expectations + automated decision safeguards + public-sector AI governance pressure.
UK
Algorithmic transparency/recording expectations + tribunal evidence duties + administrative justice scrutiny.
US
Administrative review standards + records retention/FOI duties + increasing AI oversight.
Canada
Algorithmic Impact Assessment expectations + transparency and recourse requirements.
Australia
Post-Robodebt accountability expectations + administrative law review scrutiny.
Asia hubs
AI governance frameworks emphasizing traceability, controllability, and bounded risk.
Middle East
Public-sector digital transformation programmes are increasing expectations for decision traceability, authority control, and defensible records.
Africa
Scrutiny is rising around administrative fairness, records, recourse, and privacy-aware handling of case decisions.
Good Proof does not certify compliance. It provides verifiable governance evidence that is portable across review contexts.
Jurisdictional Configuration
Country overlays can be configured per programme
Examples include programme-specific mapping for UAE, Saudi Arabia, Kenya, Nigeria, and other jurisdictions where disclosure, retention, appeal handling, and verifier access requirements differ.
Configure scope boundaries, evidence windows, redaction matrix, and verifier checklist per jurisdiction.
Not legal advice. Final legal mapping is owned by programme counsel.
What gets stamped
High-impact decision classes — define per programme:
Benefit eligibility approvals/denials (with scope boundaries)
Permit and licensing determinations (grant/deny/revoke)
Sanctions / watchlist flags that trigger restrictions or escalations
Enforcement actions where reliance must be provable
Appeal outcomes and review decisions (scope + evidence window only — not full case narrative)
Exception grants and overrides
High-impact case escalations routed by tools/agents
Access grants/revocations for sensitive systems or data
If it gets challenged, does it survive?
PDFs are great for filing. Status Links keep them current. Portals don't travel. Oversight bodies need a link they can check today.
VALID
Decision stands.
Rely on it.
NEEDS REFRESH
Policy/evidence changed.
Re-verify before relying.
WITHDRAWN
Stop relying immediately.
Returned wherever checked.
NOT VERIFIED
No proof exists.
Block or escalate.
VALID = valid within scope (not a guarantee of outcome correctness).
If verification can't be performed, response is NOT VERIFIED — block or escalate.
When status changes — and what it means
Status triggers define when a Status Link moves to NEEDS_REFRESH or WITHDRAWN. Understanding these ensures fail-closed enforcement at execution time.
NEEDS_REFRESH
When any of these occur, re-verify before you rely.
Policy or guidance update (eligibility rules, enforcement thresholds)
Model/rule pack update, vendor change, or workflow version change
Material evidence change within the defined window (programme-defined)
Threshold changes (risk scores, escalation criteria, sanctions rules)
Tool-surface / capability scope change (what the system can execute)
Appeals guidance changes that alter what must be recorded/considered
Regulator circular or ministry guidance update affecting eligibility criteria or enforcement thresholds
Change to national ID, sanctions-screening, or risk-scoring dependency used in decision flow
Cross-border data handling rule change affecting evidence reliance conditions
Language/script workflow change that affects reason-code interpretation or reviewer accessibility
Proof of governance — not a dump of sensitive case data.
WITHDRAWN
Stop-rely signal. Execution must not proceed.
Confirmed policy/config error affecting the decision class
Material integrity issue discovered in the evidence source or model/rule pack
Compromised tool/workflow boundary (authority misuse risk)
Oversight-directed pause (e.g., internal audit finding, tribunal guidance shift)
New legal/operational constraint that invalidates reliance within scope
Court, tribunal, ombuds, or oversight-directed pause for the affected decision class
Confirmed configuration or policy mapping defect with material impact on in-scope outcomes
Integrity failure in upstream registry/feed relied on for decision issuance
Authority boundary breach in a delegated workflow
Fail-closed: Wherever the Status Link is checked, if WITHDRAWN → block or escalate.
Prompts can be hijacked. Status can't.
Good Proof reduces blast radius with hard gates + revocation, and makes decisions defensible where it matters: appeals, oversight, audits, and procurement.
No Stamp → block or escalate
Material change → NEEDS REFRESH
WITHDRAWN → stop relying immediately
Guardians are programme-scoped human finality for exception lanes only — designed to minimise sensitive data handling.
What's inside the IDA Evidence Pack
Programme-configured. Minimal disclosure by default.
Decision summary + lane scope boundary
Decision-time timestamp + evidence window
Policy/guidance identifier + version references
Workflow/tool surface identifier + version references
Signer/authority reference
Verification transcript + timestamps
Redaction matrix (what is intentionally excluded)
Proof ≠ payloads. Case files and personal data are excluded by default.
Procurement-ready terms
Suggested contract language
"Vendor shall issue a Good Proof Stamp for each [DECISION CLASS]. The Stamp shall include a Status Link that returns the current validity state. The Evidence Pack shall be available for export on request within [SLA]. WITHDRAWN status shall be returned wherever the Status Link is checked."
Not legal advice. Template language for your legal/procurement team.
Procurement pack available: architecture summary, data handling overview, subprocessors, retention options.
Schedule A (template — programme terms)
Definitions
High-Impact Decision Class: programme-defined category of decisions requiring verification.
Status Link: the verification endpoint returning validity state + scope boundaries.
Evidence Window: programme-defined period during which evidence is considered current.
Evidence Pack: time-stamped snapshot for filing/disputes (IDA format).
Scope Boundary: the defined limits within which the Stamp is valid.
Operating rules
- VALID required to proceed within scope
- NEEDS REFRESH / NOT VERIFIED / WITHDRAWN → block or escalate per lane runbooks
- Fail-closed: timeout/unreachable ⇒ NOT VERIFIED
Withdrawal semantics
WITHDRAWN is returned wherever the Status Link is checked.
SLA placeholders (programme-defined)
Verifier availability target, verifier response-time target.
Retention
Evidence Packs retained per policy/jurisdiction/programme needs.
Not legal advice. Template language for your legal team.
What you get in 30 days
One lane. One decision class. Production-ready.
One high-impact decision class defined (scope + evidence window + triggers)
Stamp issuance flow integrated into the decision workflow
Counterparty verification route tested (Status Link outside the case system)
Refresh/withdraw rules configured (no silent drift)
Challenge/appeal verifier checklist (what an auditor/tribunal checks)
Optional Guardian exception path (programme-scoped)
Who uses this in Government
Service Delivery / Programme Ops
Pain:
Appeals arrive months later and nobody can prove what was true then.
Outcome:
Book a Stamp SprintEvery high-impact decision has a verifiable Status Link + IDA snapshot.
Policy / Risk / Safeguarding
Pain:
Rules change but old decisions continue to be relied on.
Outcome:
Book a Stamp SprintWhen policy or thresholds change → NEEDS REFRESH until re-verified.
Legal / Oversight / Audit
Pain:
Evidence is narrative-heavy and system-bound; tribunals want something checkable.
Outcome:
Book a Stamp SprintVerifiable-by-link outputs with append-only history semantics.
Procurement / Commercial / Vendor Management
Pain:
Assurance depends on supplier statements and internal attestations.
Outcome:
Book a Stamp SprintPortable, verifier-checkable evidence with clear scope boundaries and withdrawal semantics.
Digital / CIO / CDIO / Architecture
Pain:
New controls often imply platform replacement and delivery risk.
Outcome:
Book a Stamp SprintLane-scoped integration at issuance, notification, and reliance checkpoints; no rip-and-replace assumption.
Data Protection / Records / FOI Teams
Pain:
Review pressure can trigger broad payload disclosure and manual retrieval burden.
Outcome:
Book a Stamp SprintMinimal-disclosure evidence model with configurable redaction matrix and role-appropriate verifier views.
Grants / Benefits / Revenue / Fraud Ops
Pain:
Eligibility and enforcement decisions are hard to defend consistently across changing thresholds.
Outcome:
Book a Stamp SprintStatus-linked reliance control: VALID to proceed; NEEDS REFRESH/WITHDRAWN/NOT VERIFIED to block or escalate.
Inspectorates / Regulators / Internal Controls
Pain:
Control testing is slowed by system-bound evidence and inconsistent logs.
Outcome:
Book a Stamp SprintAppend-only verification history with Evidence Pack snapshots for challenge and review workflows.
Comms / Press / Public Accountability
Pain:
Public incidents escalate when agencies cannot explain what was authorised at decision time.
Outcome:
Book a Stamp SprintDecision-time governance record + current reliance state support clearer, defensible external communication.
External verifiers
Includes: tribunals, ombuds, oversight bodies, auditors, authorised reviewers
Pain:
Verifying controls means internal system access, FOI requests, or manual attestations.
Outcome:
Book a Stamp SprintVerify by link without internal access by default.
Built for policy change and tool change
When rules, thresholds, models, or suppliers change, governance must stay checkable.
Material change triggers can move status to NEEDS REFRESH
WITHDRAWN propagates wherever checked
Fail-closed if verification is unavailable
Scope-bounded evidence prevents silent over-reliance
Due Diligence FAQs
Make high-impact decisions challenge-ready, oversight-ready, and reliance-safe.
One lane in 30 days. Scope-limited verification. No certification claims.
Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.