HI, 
As we  discussed, I am pushing this wrt to work group work t the email list, 

1. Nudge that there is a PII Controller Identification Record specification on the Wiki ?     This is the missing reference for the 27560 Profile and needed for the TPI-R (imho)  The Controller identification record specification (drafted here) If anyone is up or taking a peak? 

2. Also, Draft text wrt to adding informative appedendix for -  TPI-R to 27560 Universal Receipt profile v1 (for Convention 108 +  code of conduct)    with how they relate to assurance levels, now called Transparency and Trust Assurance (TATA) Levels, (needed to clarify  in relation to digit trust.)


Would there be any objection to including this as an informative practice indicating that  the profile I am submitting would be  verifiable using existing Kantara TPI-R methodology ?  And its presented as a regulatory utility in a transparency registry context.  (Chances are I can update before its submitted but no guarantees) 

- Best, 

Mark


**Status**: INFORMATIVE — This appendix does not affect conformance to the Universal Notice Receipt Profile v1.0

### L.1 Purpose
TPI-R (Transparency Performance Indicator Report) provides standardized methodology for verifying Universal Notice Receipt Profile implementation through four measurable indicators.

### L.2 Four Transparency Performance Indicators

**TPI-1 (Timing)**: Controller-ID presented BEFORE processing
- **Maps to**: Section 5.3 Anonymous-by-Default Architecture
- **Verification**: CIR publication timestamp vs. first processing event

**TPI-2 (Completeness)**: All mandatory CIR fields populated
- **Maps to**: Section 7.1 Mandatory Conformance Requirements
- **Verification**: ISO/IEC 27560:2025 field completeness check

**TPI-3 (Accessibility)**: Rights access point operational
- **Maps to**: Section 5.4 Controller Identification Record
- **Verification**: rights_access_point endpoint response time, Notice Event Log queryability

**TPI-4 (Security & Sovereignty)**: Scope of disclosure alignment with processing location
- **Maps to**: Section 6.1.2 Cross-Border Transfer Fields
- **Verification**: recipient_jurisdictions vs. actual processing locations, surveillance_risks disclosure accuracy

### L.3 TPI-R Scoring
- Each indicator scores: -1 (non-compliant), 0 (partial), +1 (compliant)
- Universal Notice Receipt Conformance requires: TPI-1 = +1, TPI-2 = +1, TPI-3 ≥ 0, TPI-4 ≥ 0
- Full compliance (all four +1) demonstrates transparency-by-default operational state

### L.4 Relationship to Conformance Levels
- **TATA Level 1** (Self-Assertion): TPI-R optional
- **TATA Level 2** (Registry Verification): TPI-R score ≥ 60% (3 of 4 indicators positive)
- **TATA Level 3+**: TPI-R score ≥ 75%+ with third-party audit

### L.5 Reference Implementation
See Kantara Initiative ANCR TPI-R Specification (Recommendation, August 2025) for complete assessment methodology.