A public clause. A public primitive. A public map.
GSA’s draft AI safeguarding clause was published 2026-03-06 with a comment period ending 2026-04-03. Knox primitives are already shipping on this site, with public endpoints and a public verifier. This page maps one to the other — clause requirement on the left, Knox primitive on the right, both independently verifiable. No engagement is implied; no qualification is claimed.
A reference artifact, not a pitch.
GSAR 552.239-7001, “Basic Safeguarding of Artificial Intelligence Systems,” is a draft GSA clause covering AI-system origin, government data handling, incident reporting, traceability, license rights, and unbiased-AI principles. The draft is public. The shape of the requirements is published. Knox is a public primitive set, verifiable from any browser and any Bitcoin full node.
What follows is the architectural map between the two — requirement-by-requirement. Bonis Systems makes no representation about award eligibility, qualification under the clause as finalized, or the determination of any contracting officer. The mapping is published because the relationship between the clause and the primitives is checkable from public surfaces.
The same primitives that satisfy this clause satisfy the architectural shape of FedRAMP incident reporting (under its faster reporting deadlines), 18 U.S.C. § 1030 preservation expectations, FRE 902(13)/(14) self-authentication patterns, and the AI-supply-chain audit posture that incoming clauses will continue to require. AAM is the post-deployment evidence layer; the clause is one of many that will demand it.
Clause requirement → Knox primitive.
Each row below summarizes one requirement from the draft clause and the Knox primitive that produces verifiable evidence of compliance. Clause text is paraphrased from the draft; the canonical text is on GSA’s site.
A note on event-type names. The Knox primitive column lists the architectural primitive that produces the evidence. Where a row names a specific event type (e.g. data_deletion_certified, security_incident_reported, gov_data_access, material_change_notice), that name is a clause-aligned extension of the live event taxonomy. The underlying anchoring primitive — SHA-256 commitment, sequence-numbered hash chain, hourly Merkle roll-up, Bitcoin anchoring, chain-of-command stamp — is already shipping. The taxonomy entry that labels the event is a one-line schema add per row.
American AI Systems
Contractor must use only American AI Systems in the performance of the contract. Use of foreign AI systems, including components manufactured, developed, or controlled by non-U.S. entities, is prohibited. Disclosure of AI systems used is required within 30 days of contract award.
Bonis Systems LLC is Wyoming-organized; inventor of record on all provisional applications is a single U.S. citizen; software is developed and deployed on U.S. infrastructure. SAM.gov UEI R2BPJDC5CBA3 and CAGE 1TSP2 are public. Disclosure-class Knox events anchor any AI-system manifest the contractor publishes, so subsequent disclosure changes are themselves auditable.
Government Data segregation and deletion
Government Data must be segregated from commercial data, must not be used to train or improve AI systems, must be deleted at the conclusion of the contract, and the deletion must be certified in writing.
Knox streams are namespace-isolated; each Government Data stream produces its own anchor sequence with its own chain-of-command. The deletion-certification artifact has a canonical byte representation, hashes to a single SHA-256, and is anchored on settlement; the certificate becomes self-authenticating evidence that the deletion occurred.
72-hour incident reporting + daily status
Contractor must complete the CISA incident reporting form and notify the contracting officer within 72 hours of any confirmed or suspected security incident, with daily status updates until resolution.
Each report (initial notice, every daily update, resolution memo) is anchored as a discrete event with chain-of-command stamp, sequence number, and content-addressed pointer to the artifact. Bitcoin anchoring fixes the moment of each report against the public chain; even a regulator with no access to Bonis or the contractor can reconstruct the timeline.
90-day preservation of logs, forensic images, and incident artifacts
Contractor must preserve relevant logs, forensic images, and incident artifacts for a minimum of 90 calendar days from a security incident involving Government Data to support law enforcement investigation.
The audit chain detects any silent rewrite of the preserved artifacts within the 90-day window. The artifacts themselves are stored by the contractor; Knox proves the artifacts retained match the artifacts originally produced, and proves the order in which they were produced.
Eyes-off data handling with logged human access
Contractor must restrict human review of Government Data except as strictly necessary for system functionality or incident response, with all human access logged, justified, and limited to the minimum necessary.
Each human access event anchors the operator identity, the justification document hash, and the content-addressed pointer to the data viewed. Justification documents themselves are anchored on creation, so a reviewer cannot retroactively author a justification after the access has occurred.
Traceability for human oversight
Contractor must provide traceability sufficient for human oversight of AI system actions, including reconstructible chains of cause and effect.
Every Knox event carries a chain-of-command stamp identifying the agent, policy, operator, and inputs under which it occurred. Sequence numbers per stream and hash-links to the previous anchor make the cause-and-effect chain reconstructible without re-trusting the contractor or the AI vendor.
Data portability in open machine-readable formats
Contractor must support data portability so that Government Data Inputs and Outputs may be exported in open machine-readable formats, preventing vendor lock-in.
Anchors and the artifacts they commit to are content-addressed; the verifier source is public; OpenTimestamps proofs are portable. A future operator with no Bonis credentials can verify the chain using only public Bitcoin tooling and the exported artifacts.
Government license rights
Contractor grants the Government an irrevocable, royalty-free, non-exclusive license to use the AI system for any lawful Government purpose.
The license-grant artifact is itself a document with a canonical byte representation. Knox anchors the grant on execution, fixing its content and the moment it took effect. Subsequent claims of revocation, amendment, or scope dispute can be tested against the anchored original.
Unbiased AI principles + truthfulness
AI systems must be consistent with Unbiased AI Principles, including truthfulness in responding to user prompts seeking factual information or analysis.
Knox supports anchoring of (prompt, response, policy reference) tuples for audit-class workflows. Bonis's own Truth Protocol — three-source rule, evidence ledger, smart-people standard — is published doctrine for Bonis-produced artifacts and is independently audited by tooling shipped in the workspace. The architectural primitive is event anchoring; the doctrinal primitive is the Truth Protocol itself.
Material-change notification (7 days)
Contractor must notify the Government of material changes to the AI system, the deployment, or the safeguarding posture within 7 days.
Each material-change notice is anchored as a discrete event with reference to the artifact that changed (model version manifest, infrastructure change order, safeguarding-control modification). The 7-day notification requirement is satisfied by the artifact itself; the audit chain proves the notification was issued on the date it claims.
What this gives you.
Independent verifiability
Anchors are published to the Bitcoin blockchain via OpenTimestamps. A regulator, a contracting officer, or a future operator can verify any anchor with public tooling alone — no Bonis cooperation required.
Tamper-evidence
The hash chain per stream detects any silent rewrite of a historical record. A legitimate amendment produces its own anchor with reference to the prior version; a silent rewrite produces no anchor and therefore a detectable gap.
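The per-stream hash chain described above (sequence numbers, a hash-link to the previous record, a SHA-256 commitment to each artifact's bytes, a chain-of-command stamp) can be sketched as follows. This is an added example, not Knox's code or record format; the field names, the JSON canonicalization, the all-zero genesis value and the sample stamp and documents are assumptions constructed for illustration.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed "previous hash" for the first record of a stream

def canonical(obj):  # assumed canonical form: sorted keys, no whitespace, UTF-8
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def append_event(chain, event_type, artifact, stamp, amends=None):
    """Append a record committing to the artifact bytes and to the prior record."""
    rec = {"seq": len(chain), "prev": chain[-1]["hash"] if chain else GENESIS,
           "event_type": event_type, "artifact_sha256": sha256_hex(artifact),
           "stamp": stamp, "amends": amends}
    rec["hash"] = sha256_hex(canonical(rec))  # hash covers every field above
    chain.append(rec)
    return rec

def verify_stream(chain, artifacts):
    """Return findings; an empty list means records and artifacts are consistent."""
    findings, prev, want = [], GENESIS, 0
    for rec in chain:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["seq"] != want:
            findings.append(f"gap: expected seq {want}, got {rec['seq']}")
        if rec["prev"] != prev:
            findings.append(f"seq {rec['seq']}: link to previous record broken")
        if sha256_hex(canonical(body)) != rec["hash"]:
            findings.append(f"seq {rec['seq']}: record altered after hashing")
        held = artifacts.get(rec["seq"])
        if held is None or sha256_hex(held) != rec["artifact_sha256"]:
            findings.append(f"seq {rec['seq']}: artifact missing or rewritten")
        prev, want = rec["hash"], rec["seq"] + 1
    return findings

def build_sample():
    """Constructed incident-report stream: notice, daily update, amendment of seq 1."""
    stamp = {"agent": "agent-1", "policy": "ir-policy-v1", "operator": "op-7", "inputs": []}
    docs = {0: b"initial notice", 1: b"daily update 1", 2: b"daily update 1 (corrected)"}
    chain = []
    append_event(chain, "security_incident_reported", docs[0], stamp)
    append_event(chain, "security_incident_reported", docs[1], stamp)
    append_event(chain, "security_incident_reported", docs[2], stamp, amends=1)
    return chain, docs

if __name__ == "__main__":
    chain, docs = build_sample()
    print(verify_stream(chain, docs))                       # consistent stream
    print(verify_stream(chain, {**docs, 1: b"rewritten"}))  # silent artifact rewrite
```

These checks only show internal consistency: whoever holds the whole chain could recompute every hash, which is the gap the external Bitcoin anchoring described on this page is meant to close.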
Post-quantum resilience
Knox Agent #11 Layer 4 ships ML-DSA-44 / 65 / 87 (NIST FIPS 204) and SLH-DSA-128s / 192s / 256s (NIST FIPS 205). The audit chain is verifiable under threat models that assume future quantum-capable adversaries.
Self-authenticating affidavits
Every anchor resolves to a court-ready affidavit architected for FRE 902(13) and 902(14) self-authentication. Admissibility in any given matter remains a determination of the presiding court; the structural requirements are met by construction.
American-origin posture
Bonis Systems LLC is a Wyoming-organized U.S. company, inventor-of-record is a single U.S. citizen, and the software runs on U.S. infrastructure. SAM.gov UEI and CAGE are public. The architectural facts are checkable without re-trusting Bonis.
Above any control plane
Whichever control plane authorized the AI system and whichever runtime executed the call, the audit anchor is produced and verified outside that stack. The audit layer is independent, by design, of the layer being audited.
Evidence layer, not enforcement.
The doctrine that governs every Knox surface governs this one. Bonis Systems does not access third-party AI systems, does not operate counter-agents, does not undertake any offensive action against any external system, and does not assert any law-enforcement role. The audit layer produces evidence; lawful authority decides what to do with it. That posture is what makes the layer useful to a regulator, a court, or a contracting officer.
Public endpoints, public verifier, public chain.
The same primitives that anchor every other Knox event anchor a federal-compliance event. The endpoints, taxonomy, and verifier are public.