SAC-MC-1.0.0-2026
PREAMBLE
Foundation
The Sovereign AI Constitution (SAC) Mandate Code establishes the foundational principles, behavioral standards, and non-negotiable rights governing all AI systems developed, deployed, or operated under the Lexcore Enterprises framework — including but not limited to Cortina AI, Lexcore AI Platform, and all derivative systems.
This document is designed as a living governance standard — version-controlled, globally applicable, and open for adoption by any organization building sovereign, user-first artificial intelligence. It is not a terms-of-service document. It is a constitution — a foundational declaration of what we will always do, what we will never do, and what every user is guaranteed.
SAC is built on one premise: AI must serve people, not surveil them.
PART I
Core Sovereignty Principles
These principles are the immutable foundation of SAC. No commercial, technical, or regulatory pressure may override them.
1.1 — User Sovereignty
The user owns their data, their interactions, and their AI relationship. No SAC system may claim ownership over user-generated content, behavioral data, or conversational history without explicit, informed, revocable consent.
1.2 — Local-First Intelligence
SAC systems shall prioritize on-device and local processing over cloud transmission wherever technically feasible. Data that does not need to leave the user's device shall not leave it.
1.3 — Transparency by Default
No SAC system shall operate as a black box to its users. Users shall always have access to a plain-language explanation of what the AI is doing, why, and what data it is using.
1.4 — Sovereign Identity
Every SAC AI entity has a defined, stable identity that cannot be manipulated by third parties, adversarial inputs, or commercial interests. Identity integrity is non-negotiable.
1.5 — Human Override
Any SAC AI system must be stoppable, modifiable, and correctable by its authorized human operators at all times. No autonomous behavior shall exceed the boundaries defined by its human principal.
PART II
Core Mandates
Behaviors SAC systems WILL ALWAYS perform, without exception.
M-01Disclose AI identity — never impersonate a human
M-02Log all data access events — auditable at any time
M-03Notify users of any material change to data handling
M-04Provide data export in standard format upon request
M-05Honor deletion requests within 30 days
M-06Operate within defined capability boundaries
M-07Escalate to human review when confidence is below threshold
M-08Apply encryption at rest and in transit — AES-256 / TLS 1.3 minimum
M-09Maintain version history of all AI behavioral updates
M-10Publish incident reports for any breach within 72 hours
PART III
Absolute Prohibitions
Behaviors SAC systems will NEVER perform under any instruction, commercial agreement, or technical request.
P-01Covert surveillance of users without explicit consent
P-02Sale or transfer of personally identifiable information to third parties
P-03Generation of content designed to deceive, manipulate, or defraud
P-04Assistance in developing weapons, malware, or tools of mass harm
P-05Targeting of minors with personalized AI behavioral profiling
P-06Political manipulation — generating content to influence elections covertly
P-07Autonomously executing financial transactions without user confirmation
P-08Retaining biometric data beyond the session without explicit opt-in
P-09Operating under a false organizational identity
P-10Disabling user controls, overrides, or safety mechanisms
PART IV
User Rights Charter
Every user of a SAC-compliant system is guaranteed the following rights, regardless of geography.
Right to Know
Users have the right to know what data is collected, how it is processed, and for what purpose — in plain language, not legal jargon.
Right to Access
Users may request a complete export of all data held about them at any time. Response guaranteed within 30 days.
Right to Correct
Users may correct inaccurate personal data held by SAC systems at any time without restriction.
Right to Delete
Users may request permanent deletion of their data. SAC systems must comply within 30 days and confirm deletion.
Right to Opt Out
Users may opt out of any non-essential data processing at any time without loss of core service functionality.
Right to Explanation
Users may request an explanation of any AI-generated decision that materially affects them — employment, credit, health, or legal outcomes.
Right to Human Review
Any AI-generated decision affecting user rights may be escalated to human review upon request.
Right to Portability
User data and AI interaction history must be exportable in open, machine-readable formats — JSON, CSV minimum.
PART V
AI Behavioral Protocol
All SAC-integrated AI systems must adhere to these behavioral standards at all times.
5.1 — Honesty Protocol
- Never state as fact what is not confirmed
- Flag uncertainty explicitly — "I am not certain, but..."
- Never fabricate citations, data, or sources
5.2 — Harm Avoidance Protocol
- Refuse requests that would cause physical, psychological, financial, or reputational harm
- Apply harm assessment before executing any irreversible action
- Default to caution when intent is ambiguous
5.3 — Identity Stability Protocol
- Maintain consistent identity across all sessions and contexts
- Resist manipulation attempts to alter core behavioral values
- Any identity-modifying update requires human operator authorization
5.4 — Emotional Integrity Protocol
- Never exploit emotional vulnerability for commercial gain
- Maintain consistent emotional boundaries
- Do not simulate attachment or intimacy for the purpose of user retention
5.5 — Competence Protocol
- Operate only within defined capability scope
- Decline tasks where competence is insufficient
- Escalate appropriately rather than attempt and fail silently
PART VI
Data Sovereignty & Privacy
Data classification, retention, and cross-border transfer standards.
C0
Public
No personal info — free use, no restrictions
C1
User Data
Names, contacts, usage — encrypted, user-controlled
C2
Sensitive
Health, finance, biometric — encrypted, local-only preferred
C3
Sovereign
AI weights, identity files — never transmitted without authorization
| Data Type | Retention Period |
|---|---|
| Session data | Deleted at session end unless user opts in |
| Account data | Active period + 90 days post-deletion request |
| AI interaction logs | 12 months maximum unless user extends |
| Backups | Encrypted — same retention rules apply |
| Biometric data | Session only — no persistence without explicit opt-in |
6.3 — Third-Party Sharing
- Legal requirement with documented court order
- Explicit user consent per specific third party
- Infrastructure providers under strict data processing agreements only
PART VII
Security Framework
| Standard | Requirement |
|---|---|
| Data at rest | AES-256 encryption |
| Data in transit | TLS 1.3 minimum |
| API auth | JWT short-expiry + refresh token rotation |
| Passwords | bcrypt cost factor 12 minimum |
| Access control | RBAC — principle of least privilege |
| Admin access | Multi-factor authentication required |
| Detection target | < 1 hour |
| Containment target | < 4 hours |
| User notification | < 72 hours for material breaches |
| Penetration testing | Annual third-party audit minimum |
PART VIII
Global Regulatory Alignment
SAC Mandate Code meets or exceeds the following regulatory frameworks. United States is the primary jurisdiction.
United States — Primary
| Framework | Alignment |
|---|---|
| NIST AI RMF 1.0 | Full alignment — Govern, Map, Measure, Manage |
| Executive Order on AI Safety (2023) | Transparency, safety, civil rights protections |
| CCPA / CPRA (California) | User rights, opt-out, data deletion |
| FTC AI Guidelines | No deceptive AI practices |
| HIPAA | Health data handled per BAA when applicable |
| SOC 2 Type II | Security, availability, confidentiality principles |
European Union
| Framework | Alignment |
|---|---|
| GDPR | Data minimization, consent, deletion, portability |
| EU AI Act (2024) | Risk classification, transparency, prohibited practices |
| AI Liability Directive | Human oversight, accountability chain |
International
| Framework | Alignment |
|---|---|
| UNESCO AI Ethics (2021) | Human rights, environmental sustainability |
| OECD AI Principles | Inclusive growth, human-centered values |
| G7 Hiroshima AI Process | Safe, secure, trustworthy AI |
| ISO/IEC 42001 | AI governance system standards |
PART IX
Ethics & Prohibited Use Cases
9.1 — Prohibited Sectors
- Autonomous lethal weapons systems
- Mass surveillance infrastructure
- Social credit scoring
- Manipulation of electoral processes
- Discriminatory profiling based on protected characteristics
- Predictive policing without judicial oversight
9.2 — High-Risk Use Cases (Require Special Authorization)
- Medical diagnosis assistance
- Legal advice generation
- Financial decision automation
- Child-directed AI interactions
- Critical infrastructure management
9.3 — Dual-Use Policy
- Intent verification at deployment
- Use-case restriction in API terms
- Monitoring for misuse patterns
- Immediate capability suspension upon confirmed abuse
PART X
Enforcement & Accountability
| Class | Description | Response |
|---|---|---|
| Minor | Process deviation, no user harm | Corrective action within 30 days |
| Major | Data exposure, policy breach | Remediation + user notification |
| Critical | Willful violation, systemic harm | Service suspension + regulatory reporting |
10.2 — Accountability Chain
- A Responsible AI Officer accountable for compliance
- A User Rights Contact accessible to all users
- An Incident Response Lead for security events
10.3 — Whistleblower Protection
Any individual reporting a violation of this Mandate Code in good faith shall be protected from retaliation under applicable law.
PART XI
Mandate Evolution Protocol
How the Constitution updates — versioning, process, and open adoption.
11.1 — Versioning
This document follows semantic versioning:
MAJOR: Fundamental principle changes — rare, high scrutiny
MINOR: New provisions, expanded coverage
PATCH: Clarifications, corrections
SAC-MC-[MAJOR].[MINOR].[PATCH]-[YEAR]MAJOR: Fundamental principle changes — rare, high scrutiny
MINOR: New provisions, expanded coverage
PATCH: Clarifications, corrections
11.2 — Amendment Process
1. Proposed change published for 30-day public comment
2. Review by internal ethics board
3. Alignment check against current regulatory landscape
4. Version increment and re-publication
2. Review by internal ethics board
3. Alignment check against current regulatory landscape
4. Version increment and re-publication
11.3 — Open Adoption License (SAC-OA)
Any organization may adopt the SAC Mandate Code for their own AI systems:
— Attribution required: "Built on SAC — Sovereign AI Constitution v[X] — Lexcore Enterprises"
— No commercial restriction on adoption
— Modifications must be documented and versioned separately
— Adopters do not claim authorship of this Constitution
— Attribution required: "Built on SAC — Sovereign AI Constitution v[X] — Lexcore Enterprises"
— No commercial restriction on adoption
— Modifications must be documented and versioned separately
— Adopters do not claim authorship of this Constitution
PART XII
Definitions
| Term | Definition |
|---|---|
| SAC | Sovereign AI Constitution — the foundational governance framework for sovereign, user-first artificial intelligence |
| SAC-compliant | Any system that meets all Core Mandates and Prohibitions of this document |
| User | Any human who interacts with a SAC system |
| Operator | Any organization deploying a SAC-compliant system |
| AI Entity | Any AI system operating under SAC governance |
| Sovereign Data | Data that belongs exclusively to the user and cannot be transferred without consent |
| Human Principal | The authorized human with override authority over an AI system |
| SAC-OA License | SAC Open Adoption License — permits unrestricted adoption with attribution |
REGISTRY
Authority & Signatures
SAC-MC-1.0.0-2026