Purpose
As AI systems become embedded in operational workflows, the quality, lineage, and trustworthiness of the data they consume becomes a governance risk, not just a data engineering problem.
MASC answers the question: what must be true about data before an AI system is permitted to act on it?
It sets a floor — a minimum contract — not a ceiling. Organisations may implement stricter controls. MASC defines what no AI-integrated system should fall below.
Scope
MASC governs data that flows into, through, or out of AI systems. This includes:
- Structured data (databases, API responses, CSV exports)
- Semi-structured data (JSON payloads, event streams, logs)
- Unstructured content (documents, emails, transcripts processed by AI)
- External data feeds (third-party integrations, webhooks, scraped data)
- Records and evidence (compliance documents, audit exports)
MASC explicitly does not govern human-originated work artifacts — tasks, instructions, and requests created by people. Those are governed by WNSC.
Core Principles
AI-Readiness
Data must be structurally and semantically safe for AI consumption before it enters the AI pipeline. This includes schema validation, field completeness, and known-format values.
Traceability
Every datum must be traceable from origin to consumption. Source system, extraction time, transformations applied, and rule set version must all be recorded.
Trust Scoring
Data quality and source agreement must be measurable. Records must carry a trust score derived from freshness, validation outcomes, source agreement, and conflict detection.
Data Minimisation
Raw content retention is restricted by policy. AI systems should operate on the minimum data necessary for the task. Personal data beyond what is required must not be retained.
Contract Enforcement
Schema and rule compliance is mandatory. Non-compliant records must be quarantined, not silently accepted. The AI pipeline is not the place to discover data quality problems.
Requirements
Data quality
| Requirement | Specification |
|---|---|
| Completeness | ≥ 98% completion rate for required fields across the dataset |
| Duplicate rate | ≤ 0.5% duplicate records on key entities |
| Validity | All values validated against canonical types or declared schemas |
| Freshness | Timestamp fields must be present and within declared staleness windows |
Lineage
Every field processed by an AI system SHALL record:
- Source system identifier
- Extraction or ingestion timestamp
- Transformations applied (rule set name and version)
- Any enrichment or inference steps
Lineage records MUST be immutable and queryable. Retroactive modification of lineage is a MASC violation.
Trust score
Each record MUST carry a computable trust score based on:
- Source agreement (cross-system consistency)
- Freshness relative to declared staleness policy
- Validation outcome (pass / advisory / fail)
- Conflict detection (contradictions with known records)
Privacy and security
- Processing is stateless by default — no PII retained beyond session unless explicitly required
- Sensitive fields must be masked or tokenised before AI processing unless explicit consent and legal basis exist
- Region-aware data residency must be enforced
- Least-privilege access controls apply to all AI pipeline components
Enforcement and quarantine
Records that fail MASC checks MUST be:
- Quarantined from the AI pipeline
- Annotated with the specific failure reason
- Hashed for traceability (to enable future reconciliation)
Raw content MUST NOT be retained in AI pipeline logs unless explicitly permitted by data governance policy.
Certification Levels
MASC defines three progressive certification levels. Higher levels are supersets — L3 compliance implies L1 and L2.
Schema + Lineage
Data conforms to a declared schema. Origin, extraction time, and transformation history are recorded and queryable.
Enrichment + Classification
L1 requirements met. Data is enriched with trust scores, domain classification, and conflict detection results before AI consumption.
AI-Critical Controls
L2 requirements met. AI pipeline operates under identity-locked guardrails, latency controls, and enforced output constraints. No individual evaluation permitted. All outputs are auditable.
MASC-L3 is the minimum level required for any AI system that produces governance outputs, compliance findings, or narratives that inform organisational decisions.
Reference Implementation
MASC is an abstract governance contract. Any system that satisfies its requirements may claim MASC compliance at the relevant level.
Catalyst by Stratogenic AI is the reference implementation of MASC. It enforces MASC compliance at every ingestion and execution boundary:
- All data ingested via the Catalyst API is validated against canonical schemas before entering the governance pipeline
- Lineage is recorded in the immutable, SHA-256-chained audit ledger on every state transition
- Trust scoring is computed and stored as
risk_efforton each flow item - The AI narrative layer (Safe Narrative Engine) operates at MASC-L3 — identity-locked, output-constrained, no individual evaluation permitted
- Non-compliant records are quarantined as proposals for human review before entering the flow cycle
Alternative implementations may exist provided they satisfy MASC's behavioural requirements at the claimed certification level.
Relationship to WNSC
MASC and WNSC (Work Normalisation & Systemic Clarity) are complementary frameworks that together define a complete AI-safe governance layer:
- WNSC governs human-originated work: the tasks, instructions, and requests that people create. It ensures they are canonical, unambiguous, and safe for automation.
- MASC governs the data those tasks flow through: AI systems must only act on data that meets MASC's quality, lineage, and trust requirements.
Together, WNSC + MASC ensure that AI-influenced actions are visible, controlled, and auditable at runtime — without requiring AI systems to act as compliance arbiters themselves.
Intellectual Property & Licensing
Copyright
© 2024–2026 Stratogenic AI Ltd. All rights reserved. Company number 16228684, registered in England and Wales.
Use and citation
You may reference and cite the MASC framework specification freely, provided attribution is given to Stratogenic AI Ltd and a link to this page is included where practical.
Implementation licensing
Building a system that claims MASC compliance or uses "MASC" as a certification label requires a written implementation agreement. Contact admin@stratogenic.ai for licensing enquiries.
Derivative works
Derivative frameworks that substantially incorporate MASC's structure, requirements, or certification levels require prior written permission from Stratogenic AI Ltd.