DPCH06 — Trustworthy (via Trust Signals)

“Emits Trust Signals”

What DPCH06 is really asserting​

DPCH06 is not asserting that:

“Someone claims the data is high quality or compliant.”

It is asserting that:

A Data Product continuously emits objective, verifiable trust signals that allow consumers, governance, and automation to assess confidence, risk, and fitness for use — without relying on trust in people or processes.

Trust must be earned, measurable, and inspectable.

The Essence (HDIP + Data Mesh Interpretation)​

A Data Product is trustworthy if and only if:

1. Trust is based on signals, not statements
2. Signals are machine-consumable and repeatable
3. Trust can be evaluated without human mediation

If trust depends on:

• “we know the team”
• “this is usually fine”
• “it worked last time”

then DPCH06 is not met, regardless of documentation quality.

Role of the Digital Product Passport (DPP)​

The Digital Product Passport (DPP) is the canonical carrier of trust signals for a Data Product.

In DPCH06 terms:

The DPP is where trust is made explicit, structured, verifiable, and portable.

The DPP does not create trust signals — it assembles and exposes them in a standardized way.

Typical trust domains captured in the DPP:

• Data quality metrics
• Lineage completeness
• Control and policy conformance
• Freshness and timeliness
• Certification or approval status
• Known risks and limitations

DPCH06 is where DPP moves from “nice idea” to essential infrastructure.

Positive Criteria — When DPCH06 is met​

DPCH06 is met when all of the following are true:

1. Trust signals are measurable and current​

The product exposes:

• quality metrics (e.g. completeness, accuracy, timeliness)
• freshness indicators
• lineage coverage indicators
• control execution or compliance status

Signals are:

• periodically refreshed
• timestamped
• attributable to authoritative sources

2. Trust signals are externally inspectable​

Consumers and governance can:

• view trust signals without privileged access
• assess risk before requesting or using the product
• automate decisions based on trust posture

This is where the DPP interface becomes critical.

3. Trust signals are product-level, not pipeline-level​

Signals apply to the Data Product as a whole, not just:

• individual tables
• single jobs
• isolated checks

This keeps trust aligned with the product abstraction.

Negative Criteria — When DPCH06 is not met​

DPCH06 is not met if any of the following are true:

❌ Trust is asserted, not evidenced​

Examples:

• “Certified” label without metrics
• Static documentation claiming compliance
• Manual sign-offs with no runtime signals

Assertions ≠ trust.

❌ Signals exist but are not surfaced​

Examples:

• quality dashboards exist but are not linked
• lineage tools exist but not exposed to consumers
• controls run but results are hidden

Hidden trust signals are equivalent to no trust signals.

❌ Trust depends on personal relationships​

Examples:

• “Ask the team if it’s OK”
• “This is used in production so it must be fine”
• “Only senior analysts should use this”

This is pre-product thinking.

Edge Cases (Important Guidance for Agents)​

Case 1: “Some trust signals exist, but fragmented”​

⚠️ Partial

Rationale:

• Quality exists, but lineage missing
• Controls exist, but freshness unclear
• Typical early maturity state

Case 2: “Trust signals exist but are not standardized”​

⚠️ Partial

Rationale:

• Signals cannot be compared across products
• DPP not yet acting as normalization layer

Case 3: “DPP exposes unified trust posture”​

✅ Met

Rationale:

• Signals are standardized
• Trust is portable and comparable
• Automation becomes possible

Evidence Signals an Agent Should Look For​

Authoritative evidence:

• Digital Product Passport (DPP) instance
• Machine-readable trust metrics
• Time-stamped evaluations

Supporting evidence:

• Links to DQ dashboards
• Lineage visualizations
• Control registry results

Red flags:

• PDF certifications
• Static wiki pages claiming quality
• Trust embedded in process, not product

How an AI Agent Should Decide​

Decision rule (simplified):

If trust in the Data Product cannot be assessed programmatically using observable signals, DPCH06 is not met.

Why DPCH06 Is Non-Negotiable​

Without DPCH06:

• reuse scales risk, not value
• governance becomes manual and reactive
• AI consumption is unsafe
• marketplaces cannot function credibly

Trust signals are what allow:

• safe self-service
• automated governance
• confident reuse across domains

Canonical Statement (for BPS)​

DPCH06 is satisfied only when a Data Product emits objective, measurable trust signals — exposed via a Digital Product Passport — enabling independent, automated assessment of quality, lineage, compliance, and reliability.