Global Marketplace Metadata
Governance Framework

XB2BX operates a global B2B algorithmic marketplace in which the accuracy, classification, ownership, and status of every content object directly impacts regulatory compliance, counterparty trust, search integrity, and legal liability. Metadata controls are the technical and governance mechanism by which these properties are captured, maintained, verified, and enforced throughout the content lifecycle.

This framework establishes the authoritative rules for what metadata must be attached to each class of content, how that metadata must be validated, who is responsible for maintaining it, and what happens when it is incomplete, inaccurate, or fraudulently supplied.

• Accuracy: Every metadata field must truthfully represent the actual state of the content object at the time of submission and must be updated immediately upon any material change.
• Completeness: Mandatory metadata fields must be populated before any content object is permitted to enter an active, visible, or tradeable state within the platform.
• Traceability: The full chain of custody — from original submission through every modification, moderation action, or status change — must be immutably recorded in the platform audit log.
• Non-repudiation: All metadata submissions are cryptographically timestamped and attributed to the authenticated user account that performed the action. Denial of authorship is not a valid defence.
• Proportionality: Metadata requirements are calibrated to the risk profile of the content category. Higher-risk content (dual-use goods, regulated materials, financial instruments) carries expanded mandatory fields.
• Data Minimisation: Metadata collected shall not exceed what is necessary for the stated governance and operational purpose, consistent with UK GDPR Article 5(1)(c).

Every content object published to the XB2BX platform, regardless of category, must carry the following Universal Base Metadata. These fields are non-negotiable and are enforced at the platform API layer prior to any content entering an indexable or tradeable state.

Trade documents — including but not limited to certificates of analysis, phytosanitary certificates, bills of lading, inspection reports, customs declarations, and letters of credit — carry elevated metadata obligations given their role as legal instruments in international commerce.

• document_type: Enumerated classification from the Document Classification Matrix above.
• issuing_authority: Full legal name and country of the organisation that issued the document. Must not be the submitting entity itself for third-party verification classes.
• issue_date: ISO 8601 date. Cannot be a future date. Documents dated more than 12 months prior require compliance review before activation.
• expiry_date: Required for all certificate types. Platform will auto-suspend any listing linked to an expired document at 00:00 UTC on expiry date.
• document_reference_number: Unique identifier assigned by the issuing authority. Must be unique per issuing authority within the platform database.
• linked_listing_ids: Array of listing UUIDs this document supports. A document cannot be unlinked from a listing that has active trades referencing it.
• content_hash: SHA-256 of the document file at the point of upload. Any subsequent file replacement resets moderation status to unreviewed.
• falsification_risk_flag: Auto-set by document forensic engine. Flagged documents are quarantined pending manual review.

The platform operates an automated image authenticity pipeline. Uploaded images are cross-checked against a proprietary database of known stock photography libraries, reverse image search APIs, and AI-generation fingerprint detection models. Images triggering authenticity flags are held in moderation pending manual review. Entities with more than three authenticity violations in a rolling 12-month period will have their media upload privileges suspended.

Provenance metadata establishes the verified origin and unbroken chain of custody for any content object or physical good represented on the platform. This is particularly critical for regulated commodities, goods subject to sanctions screening, and products with geographic indication protections.

• supply_chain_tier: Enumerated position in supply chain (manufacturer | processor | distributor | trader | broker). Self-declared but subject to verification.
• manufacturer_entity_id: XB2BX registered entity UUID of the actual manufacturer, where known. Required for goods claiming country-of-origin preferential tariff treatment.
• batch_lot_number: Production batch or lot identifier assigned by the manufacturing entity. Must correspond to attached quality documentation.
• production_date_range: ISO 8601 date range specifying manufacturing or harvest period. Cannot post-date the submission date.
• custody_transfer_log: Append-only array of custody events. Each event records entity ID, timestamp, action type, and optional document reference.
• geographic_indication: Applicable GI or PDO/PGI designation where legally protected (e.g., EU GI Register reference). Claiming a protected designation requires supporting documentation.
• conflict_mineral_declaration: Required for goods containing tin, tantalum, tungsten, or gold (3TG). Must reference a compliant OECD Due Diligence smelter audit or equivalent.

• Prohibited Category Keyword Match: Content matching terms on the XB2BX Prohibited Goods Register is automatically rejected and referred to the Compliance team.
• Document Forensic Anomaly: AI-based analysis detecting signs of digital alteration in uploaded certificates or documents triggers Flagged status.
• Quantity Anomaly: Declared quantities exceeding statistical norms for the submitting entity's verified supply capacity trigger a Flagged status and T3 verification requirement.
• Price Anomaly: Prices deviating more than a defined percentage from market reference data trigger a Flagged status pending review.
• Duplicate Content Hash: A content hash matching an existing Rejected or Suspended object triggers automatic rejection of the new submission.
• Sanctions Hit: Any positive match in sanctions screening immediately moves content to Suspended status with concurrent Compliance team notification.

• sanctions_screen_timestamp: UTC datetime of most recent screening run. Must be within 24 hours for any active listing.
• sanctions_screen_result: Enum: clear | hit_pending_review | confirmed_hit | false_positive_cleared
• screening_engine_version: Reference to the sanctions list version used. Critical for audit trail defence in case of regulatory enquiry.
• export_control_classification: Applicable Export Control Classification Number (ECCN) or UK Schedule reference. Mandatory for technology, software, and dual-use goods.
• end_user_declaration_required: Boolean — set to true automatically for items on the Military End-Use list or where the HS code falls within dual-use categories.

All content objects submitted to the XB2BX platform carry implicit or explicit intellectual property claims. This section governs how IP ownership, licensing status, and third-party rights are recorded, validated, and enforced in platform metadata.

• ip_ownership_declared: Boolean confirmation that the submitting entity either owns the IP in the submitted content or holds a valid licence to submit and display it on the platform.
• trademark_references: Array of registered trademark identifiers (TMкласс, class, jurisdiction) that the listing invokes. Unregistered claims must be marked as such.
• patent_references: Applicable patent numbers for goods where patented technology is a claimed attribute. Expired or ungranted patents must be flagged.
• third_party_brand_flag: Boolean — set automatically if listing content contains brand names not registered to the submitting entity. Triggers brand verification workflow.
• content_license: For media and document assets, the applicable licence type must be declared (proprietary, Creative Commons variant, royalty-free commercial, etc.).
• takedown_history: Immutable record of any prior IP takedown notices associated with the content object or submitting entity. Accessible to Compliance team only.

Content object status transitions are governed by strict rules. Not all transitions are permitted, and certain transitions are irreversible. The table below defines the authorised state machine.

• Certificate Expiry: Any content object linked to a document whose expiry_date has passed is automatically moved to Suspended at 00:00 UTC on the expiry date.
• Quantity Depletion: When a listing's available quantity reaches zero through confirmed trades, it is automatically moved to Archived.
• Entity Deactivation: All Active content belonging to an entity whose account is suspended or deactivated is moved to Suspended. Content belonging to a terminated entity is Archived after 30 days.
• Sanctions Re-Screen: All Active listings are re-screened against updated sanctions lists within 4 hours of list publication. Any new positive matches trigger immediate Suspension.

• ai_generation_flag: Boolean — must be set to true for any content produced or substantially modified by an AI system. Platform may auto-detect and override if detection signals fire.
• ai_model_reference: Name and version of the AI model(s) used (e.g., GPT-4o, Claude 3.5, Stable Diffusion XL). Required if ai_generation_flag is true.
• human_review_completed: Boolean — AI-generated content must be reviewed and approved by a verified human user before publication. Automated submission pipelines cannot bypass this requirement.
• ai_accuracy_attestation: The human reviewer must attest that AI-generated factual claims (quantities, specifications, certifications) have been independently verified against primary sources.
• generation_prompt_hash: SHA-256 of the prompt or instruction set used to generate the content, for internal audit purposes. Not publicly exposed.

• No AI-Generated Legal Instruments: Certificates of origin, inspection reports, bills of lading, and other legal trade documents must be issued by an accredited human or institutional authority. AI-generated versions will be automatically rejected.
• No Synthetic Product Imagery: Product images must represent the actual goods being offered. AI-generated or digitally rendered product images that do not accurately represent the actual goods are prohibited.
• AI Classification Assistance: Where the platform's AI classification engine suggests HS codes, quality standards, or category tags, these constitute recommendations only. The submitting entity bears sole responsibility for the accuracy of all submitted metadata.

The XB2BX platform maintains an immutable, tamper-evident audit log for every action that creates, modifies, or changes the status of a content object or its associated metadata. This log is the authoritative record for compliance investigations, regulatory enquiries, dispute resolution, and forensic analysis.

• Immutability: Audit records cannot be modified or deleted by any user, including platform administrators. Append-only storage with cryptographic chaining ensures integrity.
• Retention: Audit logs are retained for a minimum of 7 years from the date of the logged event, consistent with UK company records requirements and HMRC guidelines.
• Access Controls: Full audit log access is restricted to XB2BX Compliance Officers and authorised legal representatives. Entities may request their own audit trail via the Subject Access Request process (GDPR Article 15).
• Regulatory Disclosure: XB2BX will disclose audit log records to UK regulatory authorities (HMRC, FCA, NCA, OFSI) and law enforcement pursuant to valid legal process without further notice to the affected entity where disclosure would compromise an investigation.

As a global B2B marketplace, XB2BX processes metadata submitted by and relating to entities in jurisdictions across the world. Cross-border data flows involving personal data or commercially sensitive metadata are governed by the following framework.

• Russian Federation, People's Republic of China: Data relating to transactions involving entities in these jurisdictions is subject to additional screening and may be subject to data localisation requirements under applicable local law. XB2BX complies with applicable UK and EU trade restrictions affecting these jurisdictions.
• FATF High-Risk Jurisdictions: Enhanced due diligence metadata is required for all listings submitted by entities registered in jurisdictions on the FATF High-Risk and Other Monitored Jurisdictions list.
• Platform Primary Storage: All platform metadata is stored on infrastructure located within the United Kingdom and European Economic Area.

Each submitting entity agrees, as a condition of platform access, to fully indemnify and hold harmless XB2BX Ltd., its directors, officers, employees, and contracted agents against any and all losses, claims, penalties, regulatory fines, legal costs, and third-party damages arising from:

• Inaccurate, incomplete, falsified, or fraudulent metadata submitted by the entity or its authorised users.
• Failure to update metadata to reflect material changes in the status, availability, or characteristics of listed goods or documents.
• Breach of applicable sanctions, trade control, or anti-money laundering obligations in connection with platform activity.
• Infringement of third-party intellectual property rights through content submitted to the platform.
• Non-compliance with applicable data protection law in the collection and submission of personal data embedded in metadata fields.

• Rejection Decisions: Must be submitted within 14 calendar days of notification. Appeals submitted after this window will not be accepted without exceptional circumstances.
• Suspension Decisions: Must be submitted within 10 business days. The suspension remains in effect during the appeal process unless XB2BX issues a provisional lifting order.
• Account Termination: Must be submitted within 21 calendar days. Legal representation is strongly recommended for termination appeals given their binding nature.

• Full legal entity name, registration number, and XB2BX account identifier.
• Specific grounds of appeal with reference to the violation classification and the factual basis for dispute.
• Supporting evidence — original documents, corrected metadata, third-party verification, or other relevant materials.
• Declaration signed by an authorised signatory of the entity attesting to the truth and completeness of the information provided.

This framework and all disputes arising from it are governed by the laws of England and Wales. The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales in respect of any dispute, claim, or proceedings arising out of or in connection with this framework or its subject matter. This does not limit XB2BX's right to seek injunctive relief in any jurisdiction where an entity holds assets or conducts operations.