Skip to main content

Content Standards Protocol

Content Standards プロトコルは、パブリッシャー環境から外に出せない一時的・機微なコンテンツに対して プライバシーを守りつつブランドセーフティを実現 します。

課題

従来のブランドセーフティは第三者検証が前提で、コンテンツを IAS や DoubleVerify に送って判定を受けます。静的な Web ページでは機能しますが、次のようなケースでは根本的に機能しません:
  • AI-generated content - ChatGPT responses, DALL-E images that exist only in a user session
  • Private conversations - Content in messaging apps, private social feeds
  • Ephemeral content - Stories, live streams, real-time feeds that disappear
  • Privacy-regulated content - GDPR-protected data that cannot be exported
こうしたプラットフォームでは 従来型の検証手段が存在しません。コンテンツを外に出せないためです。OpenAI はユーザー会話を外部に送れず、メッセージアプリはプライベートチャットをエクスポートできず、配信プラットフォームは消える前のリアルタイムコンテンツを共有できません。 Yet these are exactly the environments where advertising is growing fastest - and where brands most need safety guarantees. Without a privacy-preserving approach, brands either avoid these channels entirely or accept unknown risk.

解決策: キャリブレーションによる整合

Content Standards は エージェントを使ってプライバシーを守る ことで解決します。機微なコンテンツを外に出さない 3 フェーズモデルです:
PhaseWhere It RunsWhat Happens
1. CalibrationExternal (safe data only)Publisher and verification agent align on policy interpretation using synthetic examples or public samples - no PII, no sensitive content
2. Local ExecutionInside publisher’s wallsPublisher runs evaluation on every impression using a local model trained during calibration - content never leaves
3. ValidationStatistical samplingVerification agent audits a sample to detect drift - both parties can verify the system is working without exposing PII
これは従来モデルを逆転させたものです。「コンテンツを送って判定してもらう」のではなく、「基準を共有し、ローカルで評価し、統計的に監査する」形です。 ポイント: 実行エンジンはパブリッシャー内部で完結します。OpenAI なら社内でブランドセーフティ判定を行い、会話は外に出ません。メッセージアプリでもプライベートコンテンツは外部に出ません。キャリブレーションとバリデーションが、機微データに触れずにローカルモデルの正しさを担保します。

対象範囲

  • Brand safety - Is this content safe for any brand? (universal thresholds like hate speech, illegal content)
  • Brand suitability - Is this content appropriate for my brand? (brand-specific preferences and tone)

主要な考え方

コンテンツ評価では、バイヤーとセラーが次の 4 点をすり合わせます:
  1. What content? - What artifacts to evaluate (the ad-adjacent content)
  2. How much adjacency? - How many artifacts around the ad slot to consider
  3. What sampling rate? - What percentage of traffic to evaluate
  4. How to calibrate? - How to align on policy interpretation before runtime
これらのパラメータはプロダクト探索やメディアバイ作成時に協議されます。

ワークフロー

ポイント: 実行時の判定はスケールのためセラー側ローカルで行われます。バイヤーはサンプルを引き出し、検証エージェントで検証します。

隣接範囲(Adjacency)

How much content around the ad slot should be evaluated?
ContextAdjacency Examples
News articleThe article where the ad appears
Social feed1-2 posts above and below the ad slot
PodcastThe segment before and after the ad break
CTV1-2 scenes before and after the ad pod
Infinite scrollPosts within the visible viewport
Adjacency 要件はセラーがプロダクトカタログ(get_products)で定義します。バイヤーはこの保証をもとにプロダクトをフィルターできます: 
{
  "product_id": "reddit_feed_standard",
  "content_standards_adjacency_definition": {
    "before": 2,
    "after": 2,
    "unit": "posts"
  }
}

Adjacency の単位

UnitUse Case
postsSocial feeds, forums, comment threads
scenesCTV, streaming video content
segmentsPodcasts, audio content
secondsTime-based adjacency in video/audio
viewportsInfinite scroll contexts
articlesNews sites, content aggregators
プロダクトごとに価格に応じた異なる Adjacency 保証を提供する場合があります。

サンプリング率

What percentage of traffic should be evaluated by the verification agent?
RateUse Case
100%Premium brand safety - every impression validated
10-25%Standard monitoring - statistical confidence
1-5%Spot checking - drift detection only
サンプリング率はメディアバイで合意します: 
{
  "governance": {
    "content_standards": {
      "agent_url": "https://safety.ias.com/adcp",
      "standards_id": "nike_brand_safety",
      "sampling_rate": 0.25
    }
  }
}
サンプリング率が高いほどコストは上がりますが、保証が強まります。セラーは合意したサンプリング率を実装し、実際のカバレッジを報告する責任があります。

検証しきい値

When a seller calibrates their local model against a verification agent, there’s an expected drift - the local model won’t match the verification agent 100% of the time. Validation thresholds define acceptable drift between local execution and validation samples. Sellers advertise their content safety capabilities in their product catalog: 
{
  "product_id": "reddit_feed_premium",
  "content_standards": {
    "validation_threshold": 0.95,
    "validation_threshold_description": "Local model matches verification agent 95% of the time"
  }
}
ThresholdMeaning
0.99Premium - local model is 99% aligned with verification agent
0.95Standard - local model is 95% aligned
0.90Budget - local model is 90% aligned
これは契約上の保証です。 広告したしきい値よりドリフトが大きい場合、通常の配信乖離と同様に是正(メイクグッド、返金など)が期待されます。 このしきい値は「ローカルモデルを受け入れたとき、どれだけ基準順守を信頼できるか」というバイヤーの問いに答えます。

ポリシー

Content Standards uses natural language prompts rather than rigid keyword lists: 
{
  "policy": "Sports and fitness content is ideal. Lifestyle content about health is good. Entertainment is generally acceptable. Avoid content about violence, controversial politics, adult themes, or content portraying sedentary lifestyle positively. Block hate speech, illegal activities, or ongoing litigation against our company.",
  "calibration_exemplars": {
    "pass": [
      {
        "property_id": {"type": "domain", "value": "espn.com"},
        "artifact_id": "nba_championship_recap_2024",
        "assets": [{"type": "text", "role": "title", "content": "Championship Game Recap"}]
      }
    ],
    "fail": [
      {
        "property_id": {"type": "domain", "value": "tabloid.example.com"},
        "artifact_id": "scandal_story_123",
        "assets": [{"type": "text", "role": "title", "content": "Celebrity Scandal Exposed"}]
      }
    ]
  }
}
The policy prompt enables AI-powered verification agents to understand context and nuance. Calibration examples provide a training/test set that helps the agent interpret the policy correctly. See Artifacts for details on artifact structure and secured asset access.

Scoped Standards

Buyers typically maintain multiple standards configurations for different contexts - UK TV campaigns have different regulations than US display, and children’s brands need stricter safety than adult beverages. 
{
  "standards_id": "uk_tv_zero_calorie",
  "name": "UK TV - zero-calorie brands",
  "countries_all": ["GB"],
  "channels_any": ["ctv", "linear_tv"],
  "languages_any": ["en"]
}
Code Format ConventionsCountry and language codes are case-insensitive - implementations must normalize before comparison. Recommended formats follow ISO standards:
  • Countries: Uppercase ISO 3166-1 alpha-2 (e.g., GB, US, DE)
  • Languages: Lowercase ISO 639-1 or BCP 47 (e.g., en, de, fr)
The buyer selects the appropriate standards_id when creating a media buy. The seller receives a reference to the resolved standards - they don’t need to do scope matching themselves.

Calibration

Before running campaigns, sellers calibrate their local models against the verification agent. This is a dialogue-based process that may involve human review on either side:
  1. Seller sends sample artifacts to the verification agent
  2. Verification agent returns verdicts with detailed explanations
  3. Seller asks follow-up questions about edge cases
  4. Process repeats until alignment is achieved
Human-in-the-loop: Calibration often involves humans on both sides. A brand safety specialist at the buyer might review edge cases flagged by the verification agent. A content operations team at the seller might curate calibration samples and validate the local model’s learning. The protocol supports async workflows where either party can pause for human review before responding. 
// Seller: "Does this pass?"
{
  "artifact": {
    "property_id": {"type": "domain", "value": "reddit.com"},
    "artifact_id": "r_news_politics_123",
    "assets": [{"type": "text", "role": "title", "content": "Political News Article"}]
  }
}

// Verification agent: "No, because..."
{
  "verdict": "fail",
  "explanation": "Political content is excluded by brand policy, even when balanced.",
  "policy_alignment": {
    "violations": [{
      "policy_text": "Avoid content about controversial politics",
      "violation_reason": "Article discusses ongoing political controversy"
    }]
  }
}
See calibrate_content for the full task specification.

Tasks

Discovery

TaskDescription
list_content_standardsList available standards configurations
get_content_standardsRetrieve a specific standards configuration

Management

TaskDescription
create_content_standardsCreate a new standards configuration
update_content_standardsUpdate an existing standards configuration
delete_content_standardsDelete a standards configuration

Calibration & Validation

TaskDescription
calibrate_contentCollaborative dialogue to align on policy interpretation
get_media_buy_artifactsRetrieve content artifacts from a media buy
validate_content_deliveryBatch validation of content artifacts

Typical Providers

  • IAS - Integral Ad Science
  • DoubleVerify - Brand safety and verification
  • Scope3 - Sustainability-focused brand safety with prompt-based policies
  • Custom - Brand-specific implementations

Future: Secure Enclaves

The current model trusts the publisher to faithfully implement the calibrated standards. A future evolution uses secure enclaves (Trusted Execution Environments / TEEs) to provide cryptographic guarantees: Content never crosses the pinhole - only models flow in, only aggregates flow out.

The Pinhole Interface

The enclave maintains a narrow, well-defined interface to the verification service: Inbound (verification service → enclave):
  • Updated brand safety models
  • Policy changes and calibration exemplars
  • Configuration updates
Outbound (enclave → verification service):
  • Aggregated validation results (pass rates, drift metrics)
  • Statistical summaries
  • Attestation proofs
Never crosses the boundary:
  • Raw content artifacts
  • User data or PII
  • Individual impression-level data
This pinhole is the interface that needs standardization - it defines exactly what flows in and out while keeping sensitive content locked inside the publisher’s walls.

Why This Matters

  • Publisher hosts a secure enclave inside their infrastructure
  • Governance agent (from IAS, DoubleVerify, etc.) runs as a container within the enclave
  • Content flows into the enclave for evaluation but never leaves the publisher’s walls
  • Both parties can verify the governance code is running unmodified via attestation
  • Models stay current - the enclave can receive updates without exposing content
This provides the same privacy guarantees as local execution, but with cryptographic proof that the correct algorithm is running. The brand knows their standards are being enforced faithfully. The publisher proves compliance without exposing content. This architecture aligns with the IAB Tech Lab ARTF (Agentic RTB Framework), which defines how service providers can package offerings as containers deployed into host infrastructure. ARTF enables hosts to “provide greater access to data and more interaction opportunities to service agents without concerns about leakage, misappropriation or latency” - exactly the model Content Standards requires for privacy-preserving brand safety.
  • Artifacts - What artifacts are and how to structure them
  • Brand Manifest - Static brand identity that can link to standards agents