Today we are publishing the first unified specification for PCHP — the Personal Consent Handshake Protocol — as a public request for comments, and donating it to the open-source community under the most permissive license we can offer.
The one idea
PCHP standardizes a single thing: consent on every read of personal data.
Think of it as a signed receipt and a revocable key attached to every share of your data. Before anything private moves, a handshake happens — the requester says exactly what they want and why, the owner approves with a real credential, a scoped and time-boxed key is issued, the data moves inside a sealed envelope, and every step is written to a log the owner can read. Revoke, and the key dies.
The owner is always a human — or a machine that human governs, so the human keeps complete visibility and a kill switch.
Why a protocol, and why now
Two things are true at once in 2026. First, agents are becoming genuinely capable of acting on our behalf. Second, the data they need to be useful — our financial lives, our health, our identity — is exactly the data we cannot afford to hand over carelessly.
The industry solved "connect an agent to a tool" beautifully with the Model Context Protocol. But there is no open standard for the harder, more human question underneath it: how does a person grant, see, and revoke access to their own private data — to an agent, or to another person — with consent built into the protocol itself, not bolted on as a checkbox?
That gap is what PCHP fills. If MCP is how an AI application connects to tools and context, PCHP is how a person's private data connects to the humans and agents they trust — with consent as the protocol.
What is in the spec
The specification defines, with RFC-2119 normative language:
- A six-phase handshake — Discover, Hello, Offer, Consent, Deliver, Acknowledge — with version and capability negotiation.
- Two token families — a Consent Receipt and a per-read Data Access Token — with a published wire format, a scope grammar, and a JSON Schema.
- A zero-knowledge sealed envelope so data is delivered such that only the intended requester can open it, and the host never needs the plaintext.
- An append-only transparency log so every grant, read, and revocation is visible to the owner.
- Two conformance levels, stated honestly: a shipped baseline (with a cross-language golden-vector test suite) and a proposed high-assurance profile.
We were deliberate about honesty. Where something is shipped, the spec says so. Where something is a proposal for v1 — tamper-evident log sealing, threshold signing — the spec says that too. A mature protocol earns trust by being legible about its own frontier, not by overclaiming.
We learned from the best — and we credit them
PCHP's structure is directly inspired by MCP, which in turn credits the Language Server Protocol. We stand on that lineage gratefully, alongside SSH (the ancestor of hu_ssh, "SSH for humans"), OAuth, WebAuthn/passkeys, and the consent-receipt work of the wider privacy-engineering community. The Acknowledgements page names them, because crediting your lineage is how a standard earns trust.
A gift to the commons
We are dedicating the specification text to the public domain (CC0) and releasing the schema and reference code under Apache-2.0 — more open than MCP's MIT-only posture. We are not trying to own a standard. We are trying to make consent-first data sharing so easy and so open that it is adopted everywhere, faster than any protocol before it.
That only works if you take it, use it, break it, and tell us. Read the spec. Send us the parts that are unclear. Propose changes. We are publishing early and in the open precisely so PCHP is shaped by the people who adopt it.
— Manish Sainani and 🤫 Research & Intelligence Team
