Rules

Contributors: (ordered alphabetically) Arthit Suriyawongkul (ADAPT Centre, Trinity College Dublin), Axel Polleres (Vienna University of Economics and Business), Beatriz Esteves (IDLab, IMEC, Ghent University), Bud Bruegger (Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein), Damien Desfontaines (No affiliation provided), Danielle Welter (University of Luxembourg), David Hickey (Dublin City University), Delaram Golpayegani (ADAPT Centre, Trinity College Dublin), Elmar Kiesling (Vienna University of Technology), Fajar Ekaputra (Vienna University of Technology), Georg P. Krog (Signatu AS), Harshvardhan J. Pandit (AI Accountability Lab (AIAL), Trinity College Dublin), Iain Henderson (JLINC Labs), Javier Fernández (Vienna University of Economics and Business), Julian Flake (University of Koblenz), Julio Hernandez (Dublin City University), Mark Lizar (OpenConsent/Kantara Initiative), Maya Borges (Danish Agency for Digitisation), Paul Ryan (Uniphar PLC), Piero Bonatti (Università di Napoli Federico II), Rana Saniei (Universidad Politécnica de Madrid), Rob Brennan (University College Dublin), Rudy Jacob (Proximus), Simon Steyskal (Siemens), Steve Hickman (Epistimis LLC). NOTE: The affiliations are informative, do not represent formal endorsements, and may be outdated as this list is generated automatically from existing data.

Abstract

This document provides additional details and examples for rules concepts for permission, prohibition, and obligation used in the Data Privacy Vocabulary [DPV], and is a companion to the [DPV] specification.

DPV's Rules are broadly categorised as AcceptableRule to indicate something is desired and can or should be allowed to happen - including the undesirability of it not occurring, and UnacceptableRule to indicate the opposite i.e. something that is undesirable to occur or it is desirable for it to not occur. These categories are only indicative as a way to group the specific concepts together based on commonality of interpretation and application.

dpv:AcceptableRule: A rule that is acceptable where it is either desirable if it occurs or it is not unacceptable if it does go to full definition
- dpv:Obligation: A rule describing an obligation for performing an activity go to full definition
- dpv:Permission: A rule describing a permission to perform an activity go to full definition
- dpv:Recommendation: A rule describing a recommendation for performing an activity go to full definition
dpv:UnacceptableRule: A rule that is unacceptable where it is not desirable if it occurs go to full definition
- dpv:Deterrence: A rule describing a deterrence for performing an activity go to full definition
- dpv:Prohibition: A rule describing a prohibition to perform an activity go to full definition

The rules concepts are based on specific phrasing defined in Request for Comments Summary RFC Numbers 2100-2199 that allows a standardised and consistent interpretation of the rules and provides a way to detect and represent them in textual forms and documentation. The table below summarises this association.

Concept	RFC 2119 Keyword
Permission	MAY
Recommendation	SHOULD
Obligation	MUST
Prohibition	MUST NOT
Deterrence	SHOULD NOT
Not Provided	MAY NOT

Permission refers to the indicated context being allowed or approved to be carried out. Permissions are only a 'permissive signal' i.e. it is not necessary to carry out an activity just because it is permitted (see obligation for this). Permissions can be used to record what has been permitted, such as in use-cases for policies, agreements, consent records, and risk assessments. Permission is indicated/associated using the relation hasPermission, and is typically indicated in textual form through the [RFC2199] keyword MAY.

A Permission means an optional acceptability, where the default or expectation is that something is not occurring and it is permissible to let it occur. Thus, when evaluating permissions, the only possible outcomes are whether it has or has not been utilised (see the fulfilment statuses).

Recommendation refers to the indicated context being suggested to be carried out. Recommendations are only a 'suggestion' i.e. it is not necessary (see obligation) to carry out an activity, but as it is being recommended, not carrying it out should be accompanied with a justification (see dpv:Justification that explains why it was not carried out. Recommendations can be used to record what has identified as the 'default' to occur with the possibility that it may not be desirable or may not occur in some cases. Such uses are typical in policies and guidelines. Recommendation is indicated/associated using the relation hasRecommendation, and is typically indicated in textual form through the [RFC2199] keyword SHOULD.

A Recommendation means a desired acceptability, where the default or expectation is that it is permissible to let it occur and it should be occurring. Thus, when evaluating recommendations, the only possible outcomes are whether it has or has not been utilised (see the fulfilment statuses).

Obligation refers to the indicated context being necessary or mandatory to be carried out. Obligations are a 'requirement' i.e. it is necessary to carry out an activity, which implies it is permitted, and that not carrying it out will be a problem or issue or violation. Obligations can be used to issue requirements in use-cases for policies, agreements, consent records, and risk assessments. Obligation is indicated/associated using the relation hasObligation, and is typically indicated in textual form through the [RFC2199] keyword MUST.

An Obligation means a necessary acceptability, where the default or expectation is that something is not occurring and it is necessary to make it occur. Thus, when evaluating obligations, the only possible outcomes are whether it has been fulfilled (i.e. what was said has been carried out), unfulfilled (i.e. not carried out but there is scope to so), and violated (see the fulfilment statuses).

Prohibition refers to the indicated context being necessary or mandatory to NOT be carried out. Prohibitions are a 'requirement' i.e. it is necessary to NOT carry out an activity, which implies it is not permitted, and that carrying it out will be a problem or issue or violation. Prohibitions can be used to issue requirements that are different from obligations in that the implementer must ensure the prohibited part is not being carried out, whereas obligations require that part to be carried out. Prohibition is indicated/associated using the relation hasProhibition, and is typically indicated in textual form through the [RFC2199] keyword MUST NOT.

A Prohibition means a necessary unacceptability, where the default or expectation is that something is not occurring and it is prohibited to let it occur. Thus, when evaluating prohibitions, the only possible outcomes are whether it has been fulfilled (i.e. what was said has NOT been carried out) or violated (see the fulfilment statuses).

Deterrence refers to the indicated context being suggested to NOT be carried out. Deterrences are only a 'suggestion' i.e. it is not necessary (see prohibition) to prevent an activity, but as it is being deterred from being carrying out, it should be accompanied with a justification (see dpv:Justification that explains why it was carried out. Deterrences can be used to record what has been identified as the 'default' that should not be occurring with the possibility that it may be desirable or may occur in some cases. Such uses are typical in policies and guidelines. Deterrence is indicated/associated using the relation hasDeterrence, and is typically indicated in textual form through the [RFC2199] keyword SHOULD NOT.

A Deterrence means a desired unacceptability, where the default or expectation is that it is not permissible to let it occur and it should be not occurring. Thus, when evaluating recommendations, the only possible outcomes are whether it has or has not been utilised (see the fulfilment statuses).

Rules can be expressed in two forms: (1) by directly declaring them as an instance of a specific rule concept; and (2) by using the relation to declare an interpretation/application of a rule. The example below shows both in use, where the first method uses a relation to indicate whether a process is permitted or prohibited, and the second contains the process itself being declared as permitted or prohibited.

Example 2: Specifying permissions and prohibitions

This example show a process where service provision based on consent is permitted, and profiling based on legitimate interest is prohibited

# Method 1: associating an existing process as a rule
ex:PDH a dpv:Process ;
    dpv:hasPermission [
        a dpv:Process ;
        # a dpv:Permission ; <-- inferred
        dpv:hasPurpose dpv:ServiceProvision ;
        dpv:hasLegalBasis dpv:Consent ;
    ] ;
    dpv:hasProhibition [
        a dpv:Process ;
        # a dpv:Prohibition ; <-- inferred
        dpv:hasProcessing dpv:Profiling ;
        dpv:hasLegalBasis dpv:LegitimateInterest ;
    ] .

# Method 2: indicating rules as a status 
ex:PDH a dpv:Process ;
    dpv:hasProcess [
        a dpv:Process ;
        dpv:hasRule dpv:Permission ; # <-- 
        dpv:hasPurpose dpv:ServiceProvision ;
        dpv:hasLegalBasis dpv:Consent ;
    ] ;
    dpv:hasProcess [
        dpv:hasRule dpv:Prohibition ; # <--
        dpv:hasProcessing dpv:Profiling ;
        dpv:hasLegalBasis dpv:LegitimateInterest ;
    ] .

(META Example ID: E0066; link: source file; contributed by Harshvardhan J. Pandit on 2024-06-14)

Both methods have their advantages or utility. For Method 1 where relations are used, this allows existing processes to be contextually declared as permitted in one use-case and prohibited in another. For Method 2 where instances are used, this allows annotating processes or use-cases as being permitted or prohibited in entirely -- e.g. in reports. A note of caution: though Method 1 uses relations, it can be inferred that the process is being permitted/prohibited when running a reasoner (which is correct in context).

The DPVCG is exploring representing the state of rule fulfilment through concepts, for example to represent a prohibition has been violated, or an obligation has been fulfilled, or a permission has been utilised. The currently provided concepts for these, represented by the concept RuleFulfilmentStatus and its taxonomy, which are associated using the relation hasFulfilmentStatus, indicate the intent and scope of this work.

dpv:RuleFulfilled: Status indicating a rule has been fulfilled, completed, or satisfied go to full definition
- dpv:DeterrenceFollowed: Status indicating a deterrence has been followed i.e. the activity stated as being deterred has not been carried out go to full definition
- dpv:ObligationFulfilled: Status indicating an obligation has been fulfilled i.e. the activity stated as being required to be carried out has been successfully completed go to full definition
- dpv:PermissionNotUtilised: Status indicating a permission has not been utilised i.e. the activity stated as being permitted has not been carried out go to full definition
- dpv:PermissionUtilised: Status indicating a permission has been utilised i.e. the activity stated as being permitted has been carried out go to full definition
- dpv:ProhibitionUnviolated: Status indicating a prohibition has not been violated i.e. the activity stated as being prohibited has not been carried out go to full definition
- dpv:RecommendationFollowed: Status indicating a recommendation has been followed i.e. the activity stated as being recommended has been carried out go to full definition
dpv:RuleUnfulfilled: Status indicating a rule has not been fulfilled nor violated go to full definition
- dpv:DeterrenceNotFollowed: Status indicating a deterrence has not been followed i.e. the activity stated as being deterred has been carried out go to full definition
- dpv:ObligationUnfulfilled: Status indicating an obligation has not been fulfilled i.e. the activity stated as being required to be carried out has not been carried out but this is not considered as a violation e.g. there is still time to conduct the activity go to full definition
- dpv:RecommendationNotFollowed: Status indicating a recommendation has not been followed i.e. the activity stated as being recommended has not been carried out go to full definition
dpv:RuleViolated: Status indicating a rule has been violated, breached, broken, or infracted go to full definition
- dpv:ObligationViolated: Status indicating an obligation has been violated i.e. the activity stated as being required to be carried out has not been carried out and this is considered as a violation i.e. the activity can no longer be carried out to fulfil the obligation go to full definition
- dpv:ProhibitionViolated: Status indicating a prohibition has been violated i.e. the activity stated as being prohibited has been carried out go to full definition

Example 3: Stating status of Rule fulfilment

This example shows how the status of rules can be expressed in terms of their fulfilment or violation.

# Method 1) Rule and status in process
ex:SomeProcess a dpv:Process ;
    dpv:hasRule dpv:Obligation ;
    dpv:hasStatus dpv:ObligationFulfilled .

# Method 2) Rule with embedded status
ex:SomeProcess a dpv:Process ;
    dpv:hasRule [
        a dpv:Obligation ;
        dpv:hasStatus dpv:ObligationFulfilled ;
    ] .

# Method 3) Embedded status with date
ex:SomeProcess a dpv:Process ;
    dpv:hasRule [
        a dpv:Obligation ;
        dpv:hasStatus [
            a dpv:RuleFulfilmentStatus ;
            skos:broader dpv:ObligationFulfilled ;
            dct:date "2025-01-01"^^xsd:date ;
        ] ;
    ] .

# Method 4) Rule status per entity
ex:Log1 a dpv:RuleFulfilmentStatus ;
    skos:broader dpv:ObligationFulfilled ;
    dpv:hasEntity ex:AcmeInc ;
    dct:date "2025-01-01"^^xsd:date .
ex:Log2 a dpv:RuleFulfilmentStatus ;
    skos:broader dpv:ObligationUnfulfilled ;
    dpv:hasEntity ex:BetaInc ; # as of this date
    dct:date "2025-01-01"^^xsd:date .

(META Example ID: E0084; link: source file; contributed by Harshvardhan J. Pandit on 2025-01-01)

The DPVCG is working with ongoing efforts regarding similar modelling of concepts for ODRL implementations, in particular to ensure the concepts in DPV are in sync and compatible with those developed for ODRL. The below issue shows the progress for this.

Issue 189: [Concept]: Rules fulfilment and applicability statuses WIP dpv

In meeting SEP-10 the group agreed to include statuses for RuleFulfilmentStatus fulfilment and applicability. These are aimed to provide an overview of whether the rule applies (e.g. permission utilised) and whether it has been successful (e.g. obligation fulfilled). We aim to align this work with external efforts related to ODRL rules for Solid. Proposed future work involves describing rules in relation to:

triggers e.g. ex-ante, ex-post, real-time
interpretation e.g. permissive, prohibitive, contextually permissive/prohibitive

Though DPV provides concepts representing deontic logic, it does not specify what should be the 'default' interpretation in relation to rules, i.e. it does not provide an interpretation of whether some rules apply automatically unless otherwise declared. For example, in declaring an instance of Process, the assumption is that the activities are modelled for what is happening or what is intended/planned to happen. The explicit annotation using a Permission rule adds information about whether some activity is permitted (and its associated information). Instead, if the use-case is using DPV to only document activities that are permitted, there is no need to explicitly specify the permissions. Similarly, just because something is happening or planned to happen, it cannot be assumed to be permitted (e.g. pending evaluation of legal requirements).

This lack of default interpretation enables modularity in the use of DPV concepts. For example, an instance of dpv:Process which does not have a dpv:hasRule declared within it, can be made part of a rule to specify permissions, prohibitions, or obligations regarding the process. If instead the process had a default interpretation (e.g. permission), then it would require creating a separate instance with the same information - leading to duplicated efforts. While an apparent solution is to create a mechanism whereby the rule in the process is overridden with the intended 'outer' rule or context e.g. to specify the prohibition in one process overrules permission in another process, this prevents the combination of rules to describe situations such as a permission for a larger context within which specific parts are prohibited or obligated.

In representing Rules, DPV only provides the concept and does not express any inherent semantics on what those rules mean in relation to each other. For example, DPV does not express Permission to be non-compatible or disjoint from Prohibition. This is to separate the interpretation and application of rules based on the necessities of a use-case. For example, in a legal investigation it may be prudent to specify permission and prohibition can never occur together, but this may not be true if there are different legal requirements that allow a prohibition to be resolved or deferred, such as through another permission that overrides the prohibition.

Further, as described earlier in the section on default interpretations, it is possible to mix or nest rules such as through processes. For example, if ProcessA is a permitted process and contains ProcessB which is a prohibited process, DPV does not dictate what should be default interpretation for this arrangement. The role of DPV concepts regarding rules, as of now, is to provide a simplified indication of whether something is permitted, prohibited, or obligated. Further interpretations require creation of a formal specification that dictates how rules should function together. For example, depending on the use-case, several interpretations are possible for the example described here:

Prohibitive interpretation: Both ProcessA and ProcessB are prohibited because through ProcessA is permitted, ProcessB is within it and is prohibited - thereby prohibiting both processes. Such interpretations prevent modularity - everything is prohibited because something is prohibited, or it is permitted because there are no prohibitions.
Permissive interpretation: ProcessA and ProcessB are both permitted since ProcessA gives permission for the entire process and overrides the prohibition in ProcessB. Such interpretations also prevent modularity - everything is permitted because the higher/broader processes are permitted even though there are specific prohibitions at a granular level.
Contextually Prohibitive interpretation: ProcessB is prohibited as declared, and the rest of ProcessA without ProcessB is permitted. If there was a further ProcessC that is permitted, and is present within ProcessB, then ProcessC would still be prohibited as the broader prohibition from ProcessB overrides it. Such interpretations permit modularity with permission granted for parts as long as there is no prohibition overriding it from a broader context. In this, a prohibition within a permission still allows the permitted parts to be carried out, whereas a permission within a prohibition would still be prohibited.
Contextually Permissive interpretation: This is the same as the contextually prohibitive interpretation, except permissions occurring within prohibitions are not overridden. This means, ProcessA is allowed through its permission, with ProcessB within it being prohibited, except for ProcessC within ProcessB - which is permitted.

The above example interpretations only concerned permissions and prohibitions, and did not include obligations - or other concepts such as duties, dispensations, exceptions, and defeasibility. From this, it should be clear how the specification and interpretation of rules can be quite complex and has a large impact on the intended activities and information being documented.

Note: DPVCG is exploring providing rule interpretation concepts in future versions

The DPVCG is discussing the provision of concepts to indicate the interpretation of rules as discussed above. These concepts would then be associated with rules to express how they should be interpreted - which would avoid ambiguities and ensure consistent interpretation through shared semantics.

In addition, we are also interested in representing concepts for conflict resolution strategies - for example what should be done if an permission and a prohibition are expressed over the same resource. Like the interpretation concepts, the conflict resolution concepts would also be expressed along with the rules to ensure all implementations have a consistent interpretation and outcome regarding the rules.

As with the Rules Fulfilment concepts, this work is expected to be in sync with the ODRL implementation work. We welcome ideas and participation in this process. See Issue#189.

[ODRL] provides a W3C standardised representation for expressing policies containing rules such as for permissions, prohibitions, obligations over 'assets' and the involved 'parties'. While ODRL focuses on providing a general structure for policies without jurisdictional concepts or modelling, it complements DPV by enabling declaration of policies, agreements, and other similar documents in a structured, interoperable, and standardised manner. The DPV concepts enable specifying the exact information within the structure provided by ODRL - which can be useful for two entities to exchange information. For example, in a controller-processor agreement, ODRL can be used to define the agreement in terms of involved parties, their roles, and which entity is responsible for performing which actions, as well as the expected ex-post consequences of those actions - such as for reporting from processor to controller, or to indicate what should be done should a particular requirement is violated.

The DPVCG is interested in formally authorising a shared specification with the ODRL Community Group that outlines the use of DPV concepts for/with ODRL. The current proposal for this is to create an ODRL profile that declares DPV concepts in context of ODRL's conceptual model and through which DPV concepts can be correctly declared and used in ODRL. The current draft guidance document for use of DPV and ODRL is available at Guide for using DPV with ODRL, and the mapping of concepts between DPV and ODRL is available at Mapping DPV concepts to ODRL.

Issue 31: Mappings from DPV to other vocabularies todo help-wanted

This issue is intended to create a list identifying the vocabularies whose mappings should be provided by the DPVCG.

Given that DPV takes a singularly domain-specific approach to defining terms (i.e. it does not consider semantics from other vocabularies), its use alongside or with other vocabularies is undefined. For example, dpv:hasName is semantically similar to foaf:name or rdfs:label. When an use-case or adopter requires use of other vocabularies, it is desirable to have an alignment between DPV and other vocabularies so as to have a data model/graph utilising both.

The proposal is to provide such mappings in a directory e.g. /mappings/dpv-foaf containing an RDF file representing the mapping which is expressed using SKOS (i.e. exact, close, related) and a HTML document explaining the rationale and implications.

Below are vocabularies proposed for producing mappings (section below is edited to keep the list updated)

RDFS (labels, comments) and SKOS (labels, notes) - note: DPV prefers use of SKOS annotations
foaf - annotations for agents / entities
vCard - annotations for agents / entities
DCMI Metadata Terms - relations for commonly utilised information e.g. timestamps, publication provenance, identifiers
ODRL - legal/deontic terms e.g. parties (entities in DPV) and rules regarding permissions - aligned with DPV's taxonomy e.g. personal data, purpose, legal basis
SEMIC - EU SEMIC vocabularies such as DCAT-AP, Core, ADMS used for open data
PROV - activities, aretefacts, agents/entities, and expressing plans/provenance
gist - upper ontology for business processes and concepts
schema.org - broad coverage of terms representing entities, processes, for communications (e.g. emails), kinds of personal data
DCAT - resources, provenance of resources, representing data and catalogues

Issue 130: Alignment with ODRL scope WIP help-wanted

In this issue, we will track the work being done on aligning DPV with the ODRL information model (being maintained by the ODRL CG) towards the publication of a joint report.

This issue is also being tracked in the ODRL CG repo and mappings from DPV to other vocabs are tracked here #31.

Issue 351: DPV Rule Fulfilment Status - naming and alignment with ODRL WIP dpv

by @besteves4 in #301 (comment)

RuleFulfilmentStatus Concepts — comments to align with ODRL naming

dpv:DeterrenceUtilised: Status indicating a deterrence has been utilised i.e. the activity stated as being deterred has not been carried out -> Maybe just call it DeterrenceNotPerformed

dpv:DeterrenceNotUtilised: Status indicating a deterrence has not been utilised i.e. the activity stated as being deterred has been carried out-> Maybe just call it DeterrencePerformed

dpv:ProhibitionFulfilled -> dpv:ProhibitionNotPerformed

dpv:PermissionNotUtilised -> dpv:PermissionNotPerformed

dpv:PermissionUtilised -> dpv: PermissionPerformed

dpv:RecommendationUtilised -> dpv:RecommendationPerformed

dpv:RecommendationNotUtilised -> dpv:RecommendationPerformed

Term	AcceptableRule	Prefix	dpv
Label	Acceptable Rule
IRI	https://w3id.org/dpv#AcceptableRule
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:Rule
Object of relation	dpv:hasFulfilmentStatus, dpv:hasRule
Definition	A rule that is acceptable where it is either desirable if it occurs or it is not unacceptable if it does
Usage Note	Acceptable is a subjective concept that enables distinguishing with "unacceptable". By itself it does not signal any permission or obligation - for which further specific concepts are defined
Date Created	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DPV

Term	Deterrence	Prefix	dpv
Label	Deterrence
IRI	https://w3id.org/dpv#Deterrence
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:UnacceptableRule → dpv:Rule
Object of relation	dpv:hasDeterrence, dpv:hasFulfilmentStatus, dpv:hasRule
Definition	A rule describing a deterrence for performing an activity
Usage Note	Deterrences are aligned with the term SHOULD NOT* in RFC2119 where specified activities should be avoided from being carried out but are not prohibitions*
Date Created	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DPV

Term	DeterrenceFollowed	Prefix	dpv
Label	Deterrence Followed
IRI	https://w3id.org/dpv#DeterrenceFollowed
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a deterrence has been followed i.e. the activity stated as being deterred has not been carried out
Date Created	2025-08-06
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
See More:	section RULES in DPV

Term	DeterrenceNotFollowed	Prefix	dpv
Label	Deterrence Not Followed
IRI	https://w3id.org/dpv#DeterrenceNotFollowed
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleUnfulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a deterrence has not been followed i.e. the activity stated as being deterred has been carried out
Date Created	2025-08-06
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
See More:	section RULES in DPV

Term	Obligation	Prefix	dpv
Label	Obligation
IRI	https://w3id.org/dpv#Obligation
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:AcceptableRule → dpv:Rule
Object of relation	dpv:hasFulfilmentStatus, dpv:hasObligation, dpv:hasRule
Definition	A rule describing an obligation for performing an activity
Usage Note	Obligations are aligned with the term MUST* in RFC2119 where specified activities are mandatory to be carried out*
Date Created	2022-10-19
Date Modified	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DPV

Term	ObligationFulfilled	Prefix	dpv
Label	Obligation Fulfilled
IRI	https://w3id.org/dpv#ObligationFulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating an obligation has been fulfilled i.e. the activity stated as being required to be carried out has been successfully completed
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	ObligationUnfulfilled	Prefix	dpv
Label	Obligation Unfulfilled
IRI	https://w3id.org/dpv#ObligationUnfulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleUnfulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating an obligation has not been fulfilled i.e. the activity stated as being required to be carried out has not been carried out but this is not considered as a violation e.g. there is still time to conduct the activity
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	ObligationViolated	Prefix	dpv
Label	Obligation Violated
IRI	https://w3id.org/dpv#ObligationViolated
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleViolated → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating an obligation has been violated i.e. the activity stated as being required to be carried out has not been carried out and this is considered as a violation i.e. the activity can no longer be carried out to fulfil the obligation
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	Permission	Prefix	dpv
Label	Permission
IRI	https://w3id.org/dpv#Permission
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:AcceptableRule → dpv:Rule
Object of relation	dpv:hasFulfilmentStatus, dpv:hasPermission, dpv:hasRule
Definition	A rule describing a permission to perform an activity
Usage Note	Permissions are aligned with the term MAY* in RFC2119 where specified activities may or may not be carried out*
Examples	`dex:E0028 ::` Rule specifying permission `dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Date Modified	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DEX

Term	PermissionNotUtilised	Prefix	dpv
Label	Permission Not Utilised
IRI	https://w3id.org/dpv#PermissionNotUtilised
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a permission has not been utilised i.e. the activity stated as being permitted has not been carried out
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	PermissionUtilised	Prefix	dpv
Label	Permission Utilised
IRI	https://w3id.org/dpv#PermissionUtilised
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a permission has been utilised i.e. the activity stated as being permitted has been carried out
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	Prohibition	Prefix	dpv
Label	Prohibition
IRI	https://w3id.org/dpv#Prohibition
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:UnacceptableRule → dpv:Rule
Object of relation	dpv:hasFulfilmentStatus, dpv:hasProhibition, dpv:hasRule
Definition	A rule describing a prohibition to perform an activity
Usage Note	Prohibitions are aligned with the term MUST NOT* in RFC2119 where specified activities are prohibited from being carried out*
Examples	`dex:E0029 ::` Rule specifying prohibition `dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Date Modified	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DEX

Term	ProhibitionUnviolated	Prefix	dpv
Label	Prohibition Unviolated
IRI	https://w3id.org/dpv#ProhibitionUnviolated
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a prohibition has not been violated i.e. the activity stated as being prohibited has not been carried out
Date Created	2024-09-10
Date Modified	2025-08-06
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
See More:	section RULES in DPV

Term	ProhibitionViolated	Prefix	dpv
Label	Prohibition Violated
IRI	https://w3id.org/dpv#ProhibitionViolated
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleViolated → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a prohibition has been violated i.e. the activity stated as being prohibited has been carried out
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	Recommendation	Prefix	dpv
Label	Recommendation
IRI	https://w3id.org/dpv#Recommendation
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:AcceptableRule → dpv:Rule
Object of relation	dpv:hasFulfilmentStatus, dpv:hasRecommendation, dpv:hasRule
Definition	A rule describing a recommendation for performing an activity
Usage Note	Recommendations are aligned with the term SHOULD* in RFC2119 where specified activities should be carried out but are not obligations*
Date Created	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DPV

Term	RecommendationFollowed	Prefix	dpv
Label	Recommendation Followed
IRI	https://w3id.org/dpv#RecommendationFollowed
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a recommendation has been followed i.e. the activity stated as being recommended has been carried out
Date Created	2025-08-06
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
See More:	section RULES in DPV

Term	RecommendationNotFollowed	Prefix	dpv
Label	Recommendation Not Followed
IRI	https://w3id.org/dpv#RecommendationNotFollowed
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleUnfulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a recommendation has not been followed i.e. the activity stated as being recommended has not been carried out
Date Created	2025-08-06
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
See More:	section RULES in DPV

Term	Rule	Prefix	dpv
Label	Rule
IRI	https://w3id.org/dpv#Rule
Type	rdfs:Class, skos:Concept
Object of relation	dpv:hasFulfilmentStatus, dpv:hasRule
Definition	A rule describing a process or control that directs or determines if and how an activity should be conducted
Examples	`dex:E0030 ::` Rule combining DPV with ODRL
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

Term	RuleFulfilled	Prefix	dpv
Label	Rule Fulfilled
IRI	https://w3id.org/dpv#RuleFulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a rule has been fulfilled, completed, or satisfied
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	RuleFulfilmentStatus	Prefix	dpv
Label	Rule Fulfilment Status
IRI	https://w3id.org/dpv#RuleFulfilmentStatus
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status associated with a rule for indicating whether it is applicable, or has been utilised, and whether the requirements of the rule have been fulfilled or violated
Examples	`dex:E0084 ::` Stating status of Rule fulfilment
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DEX

Term	RuleUnfulfilled	Prefix	dpv
Label	Rule Unfulfilled
IRI	https://w3id.org/dpv#RuleUnfulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a rule has not been fulfilled nor violated
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	RuleViolated	Prefix	dpv
Label	Rule Violated
IRI	https://w3id.org/dpv#RuleViolated
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a rule has been violated, breached, broken, or infracted
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	UnacceptableRule	Prefix	dpv
Label	Unacceptable Rule
IRI	https://w3id.org/dpv#UnacceptableRule
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:Rule
Object of relation	dpv:hasFulfilmentStatus, dpv:hasRule
Definition	A rule that is unacceptable where it is not desirable if it occurs
Usage Note	Unacceptable is a subjective concept that enables specifying something is to be avoided as compared to "acceptable". By itself it does not signal any deterrence or prohibition - for which further specific concepts are defined
Date Created	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DPV

Term	hasDeterrence	Prefix	dpv
Label	has deterrence
IRI	https://w3id.org/dpv#hasDeterrence
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Deterrence
Definition	Specifies applicability or inclusion of a deterrence rule within specified context
Date Created	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DPV

Term	hasFulfilmentStatus	Prefix	dpv
Label	has fulfilment status
IRI	https://w3id.org/dpv#hasFulfilmentStatus
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasStatus
Sub-property of	dpv:hasStatus
Domain includes	dpv:Context
Range includes	dpv:Rule
Definition	Specifies the fulfillment status associated with a rule
Date Created	2024-09-10
Date Modified	2025-06-19
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Term	hasObligation	Prefix	dpv
Label	has obligation
IRI	https://w3id.org/dpv#hasObligation
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Obligation
Definition	Specifies applicability or inclusion of an obligation rule within specified context
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DPV

Term	hasPermission	Prefix	dpv
Label	has permission
IRI	https://w3id.org/dpv#hasPermission
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Permission
Definition	Specifies applicability or inclusion of a permission rule within specified context
Examples	`dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

Term	hasProhibition	Prefix	dpv
Label	has prohibition
IRI	https://w3id.org/dpv#hasProhibition
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Prohibition
Definition	Specifies applicability or inclusion of a prohibition rule within specified context
Examples	`dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

Term	hasRecommendation	Prefix	dpv
Label	has recommendation
IRI	https://w3id.org/dpv#hasRecommendation
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Recommendation
Definition	Specifies applicability or inclusion of a recommendation rule within specified context
Date Created	2025-06-19
Contributors	Arthit Suriyawongkul, Beatriz Esteves, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
See More:	section RULES in DPV

Term	hasRule	Prefix	dpv
Label	has rule
IRI	https://w3id.org/dpv#hasRule
Type	rdf:Property, skos:Concept
Domain includes	dpv:Context
Range includes	dpv:Rule
Definition	Specifies applicability or inclusion of a rule within specified context
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DPV

DPV uses the following terms from [RDF] and [RDFS] with their defined meanings:

rdf:type to denote a concept is an instance of another concept
rdfs:Class to denote a concept is a Class or a category
rdfs:subClassOf to specify the concept is a subclass (subtype, sub-category, subset) of another concept
rdf:Property to denote a concept is a property or a relation

The following external concepts are re-used within DPV:

Rules

concepts in Data Privacy Vocabulary (DPV)

Abstract

Status of This Document

1. Introduction

2. Rules

2.1 Alignment with RFC2199

2.2 Permission

2.3 Recommendation

2.4 Obligation

2.5 Prohibition

2.6 Deterrence

2.7 Indicating Rules

2.8 Rule Fulfilment Status

3. Interpreting Rules

3.1 Default Interpretation

3.2 Mixing/Nesting Rules

4. Triggering Rules

5. Alignment with ODRL

6. Vocabulary Index

6.1 Classes

6.1.1 Acceptable Rule

6.1.2 Deterrence

6.1.3 Deterrence Followed

6.1.4 Deterrence Not Followed

6.1.5 Obligation

6.1.6 Obligation Fulfilled

6.1.7 Obligation Unfulfilled

6.1.8 Obligation Violated

6.1.9 Permission

6.1.10 Permission Not Utilised

6.1.11 Permission Utilised

6.1.12 Prohibition

6.1.13 Prohibition Unviolated

6.1.14 Prohibition Violated

6.1.15 Recommendation

6.1.16 Recommendation Followed

6.1.17 Recommendation Not Followed

6.1.18 Rule

6.1.19 Rule Fulfilled

6.1.20 Rule Fulfilment Status

6.1.21 Rule Unfulfilled

6.1.22 Rule Violated

6.1.23 Unacceptable Rule

6.2 Properties

6.2.1 has deterrence

6.2.2 has fulfilment status

6.2.3 has obligation

6.2.4 has permission

6.2.5 has prohibition

6.2.6 has recommendation

6.2.7 has rule

6.3 External

Funding Acknowledgements

Funding Sponsors

Funding Acknowledgements for Contributors

Conformance

A. References

A.1 Normative references