The Open Standard for
Robot Safety
An open standard any robot can implement. Identity, accountability, and safety โ built in.
Two distinct things
The Protocol and the Registry
The internet has DNS and ICANN. IoT has Matter. Robotics has nothing.
RCAN proposes both โ and they are separate.
Open Specification
The RCAN Protocol
A set of open standards โ like TCP/IP, but for robots โ that define how robots identify themselves, sign actions, authenticate users, and guarantee safe behavior even when networks fail.
- โ Message format + signing (Ed25519)
- โ Confidence gates + Human-in-the-Loop authorization
- โ Tamper-evident audit chain
- โ Swarm safety + peer verification
- โ Offline-resilient: local safety always wins
CC BY 4.0 โ implement it in anything. No registry required.
Read the spec โOpen Service
The Robot Registry
A global public directory of robots โ like a domain registrar, but for physical machines. Any robot, from any manufacturer, using any runtime, can register and get a globally unique Robot Registration Number (RRN).
- โ Assigns globally unique RRNs
- โ Tracks provenance, ownership, manufacturer
- โ Machine-readable records via REST API
- โ Verification tiers: community โ manufacturer โ certified
- โ Federated โ multiple registries can cross-verify
Free to register. No RCAN implementation required to list a robot.
Visit robotregistryfoundation.org โHow they connect: The protocol defines the RRN format and how robots reference their registry record in signed messages. The registry assigns and stores those records. You can run RCAN on a private network without registering publicly. You can register a robot without implementing RCAN. Both together give you a globally identifiable, auditable, standards-compliant robot.
Six layers, one job each
Where RCAN sits
RCAN is Layer 5 โ the wire protocol. It does not enforce. It does not run. It specifies.
- Layer 1 โ Declaration. ROBOT.md, robot-md CLI, robot-md-mcp (Advisory).
- Layer 2 โ Agent runtime. Claude Code, Codex, Gemini, any MCP host.
- Layer 3 โ Gateway / Enforcement. robot-md-gateway. Mandatory exclusive path.
- Layer 4 โ Robot-facing runtime. OpenCastor and other RCAN runtimes.
- Layer 5 โ Protocol. RCAN spec + SDKs. This site.
- Layer 6 โ Registry. Robot Registry Foundation.
Protocol Features
What RCAN defines โ implementable in any runtime, any language.
Robot URI (RURI)
Globally unique identifiers for every robot. Like URLs but for physical machines โ resolvable, federated, and human-readable.
rcan://registry.rcan.dev/acme/arm/v2/unit-001 Role-Based Access
Five-level hierarchy: Guest โ User โ Leasee โ Owner โ Creator. Explicit, auditable permissions at every layer.
Local Discovery
mDNS/DNS-SD via _rcan._tcp.local. Works when the cloud goes dark โ your robot never loses you.
Safety Invariants
Local safety always wins. Network loss triggers safe-stop. All commands timestamped and audited.
Federated Registries
Like email โ anyone can run an RCAN registry. No single point of control. Decentralized by design.
Fleet Coordination
Choreographed multi-robot commands, swarm discovery, and conflict resolution across manufacturers.
AI Accountability (ยง16)
Confidence gates, HiTL authorization, and HMAC-chained thought logs. Every AI decision carries model identity โ provable, not claimed.
confidence: 0.91, model: "Qwen2.5-7B" Robot Registry
Global RRN registry with manufacturer verification tiers (โฌ๐ก๐ตโ ). Like ICANN for robots โ federated, open, independent.
RRN-2026-0001-ABCD The Registry
Every robot deserves a permanent address.
The Robot Registry is a global public directory โ open to any robot, any manufacturer, any runtime. Register once. Get a permanent RRN. Your robot is globally addressable and verifiable forever.
Any robot, any runtime, any manufacturer. Free. No RCAN implementation required to register.
Who Is This For?
RCAN serves everyone in the robotics ecosystem.
Robot Manufacturers
Get globally unique RRNs for every unit. Earn manufacturer verification badges, satisfy EU AI Act Art. 49 registration requirements, and give your customers confidence through a public, auditable record.
Safety Engineers
Use the L1/L2/L3 conformance test suite to validate implementations. Leverage NIST AI RMF and ISO 10218-1:2025 alignment docs to meet industry and regulatory standards.
Governments & Regulators
Audit an open specification under independent governance, with a built-in AI accountability layer and signed audit chain. Productized runtimes (e.g., OpenCastor, robot-md) ship as Layer 4 with SBOM and conformance reports โ useful inputs for regulatory and procurement review.
Architecture
Why an open protocol beats a bolt-on layer
A safety layer that wraps a model's output sits outside the execution boundary โ it observes what the model generates but cannot constrain what it attempts or when dispatch occurs. For text applications, this trade-off is acceptable. For physical robots, the failure mode is different: a command that clears a post-generation safety filter but targets the wrong actuator causes physical harm before any check can intervene. Protocol-level enforcement closes this gap. RCAN's confidence thresholds and HiTL gates are structural constraints on the message transport โ not filters โ enforced before any command reaches an actuator.
Auditability is similarly structural in RCAN. The ML-DSA-65 signed audit chain records every command with principal identity, model confidence, thought provenance, and delegation path at dispatch time โ not reconstructed afterward. Each record is cryptographically chained to the previous; any modification breaks chain verification. This is the record-keeping architecture EU AI Act Article 12 requires, built into the protocol layer rather than added as a compliance reporting feature.
RCAN is an open specification under CC BY 4.0. Every claim in this documentation can be verified against the spec, the peer runtimes (OpenCastor and robot-md โ first-class implementations of a shared ROBOT.md), and the conformance test suite. Conformance levels L1โL4 define what "compliant" means concretely โ not as a self-certification, but as a pass/fail test suite any implementation can run.
Official SDKs
One command to get started.
pip install rcan npm install rcan-ts <script src="https://unpkg.com/rcan-ts/dist/rcan.iife.js"></script> from rcan import RobotURI, RCANMessage, ConfidenceGate
from rcan.audit import AuditChain
# Address your robot
uri = RobotURI.build(manufacturer="acme", model="arm", version="v2", device_id="unit-001")
# Gate on AI confidence (ยง16)
gate = ConfidenceGate(threshold=0.8)
confidence = 0.91 # from your model
if gate.allows(confidence):
msg = RCANMessage(
cmd="move_forward",
target=uri,
params={"distance_m": 1.0},
confidence=confidence,
model_identity="Qwen2.5-7B",
)
chain = AuditChain(secret="your-hmac-secret")
chain.append({"action": msg.cmd, "robot_uri": str(uri), "confidence": confidence})Ship your first message in 5 minutes
Install the SDK, build a Robot URI, gate on AI confidence, seal an audit record. That's it.
pip install rcan RobotURI.build(manufacturer, model, version, device_id) ConfidenceGate(threshold=0.8).allows(confidence) AuditChain.append(action) โ tamper-evident log $ rcan-validate config myrobot.rcan.yaml $ castor inspect RRN-000000000042
The infrastructure for
trusted robotics
Register your robot for free. Build with the open SDK. Ship safer AI-powered systems with a provable audit trail.
Open specification ยท CC BY 4.0 ยท No vendor lock-in ยท Changelog
Conformance is not certification.
Conformance to RCAN tracks (L1โL4 protocol, Gateway Authority, HIL Runtime Safety) is self-asserted via signed bundles and independently replayable from those bundles. Conformance is not certification. Certification requires audit by a qualified third-party body, which is intentionally out-of-scope for the foundation in 2026.