DRAFT — NOT AN ISO STANDARD This document is written in ISO-style formatting as a draft proposal for potential submission. It is not an official ISO standard, and it has not been reviewed, approved, or endorsed by ISO or any standards body.
This International Standard provides a structured framework for the governance of rules, including their creation, amendment, communication, and enforcement. It establishes principles and requirements for managing the lifecycle of rules in a manner that is transparent, auditable, and adaptable to changing environments.
The standard is intended to support organisations, governments, and digital ecosystems in achieving governance integrity by embedding evidence-based decision-making, accountability, and explainability into the architecture of rule management. It is aligned with the objectives of related governance standards and complements existing compliance and assurance frameworks.
Governance is the foundation of trust and legitimacy in organisational and societal systems. Rules—whether laws, policies, or standards—are not static artefacts; they exist within dynamic environments and must evolve as conditions change. Effective governance requires not only rules but also clear rules for managing rules. This meta-governance layer ensures that rule changes follow a logic that is transparent, fair, and auditable.
Historically, governance frameworks have focused on partial aspects of the lifecycle. In software development, emphasis is placed on decision-making, announcement, and enforcement. In policy theory, attention centres on monitoring, analysis, and reporting. Both approaches neglect critical elements such as environment-change logic and behavioural communication, resulting in fragmented governance models.
This standard addresses these gaps by defining a complete governance lifecycle, supported by meta-rules and actor interaction logic. It introduces two interconnected cycles:
- Rule Change Proposal Cycle: Monitoring → Analysis → Reporting.
- Rule Implementation Cycle: Announcement → Communication → Enforcement.
It also recognises two trigger points:
- Environmental Change, which activates the Rule Change Proposal Cycle.
- Decision, which activates the Rule Implementation Cycle.
The framework is designed to be modular, enabling integration with digital systems and AI governance tools. It supports transparency, accountability, and resilience by design.
This standard specifies requirements for the governance lifecycle of rules, including:
- Principles for rule lifecycle management.
- Meta-rules governing each stage of the lifecycle.
- Roles and responsibilities of governance actors.
- Processes for monitoring, analysis, reporting, decision-making, announcement, communication, and enforcement.
The standard applies to:
- Public and private sector organisations.
- Governance of laws, policies, standards, and digital rules.
- Manual and automated governance systems, including AI-enabled environments.
This standard does not prescribe the substantive content of rules or sector-specific compliance requirements. It focuses exclusively on the governance architecture and processes for managing rules throughout their lifecycle.
This standard is self-contained and does not rely on external normative references. However, organisations seeking complementary guidance may consult related standards such as ISO 9001 (Quality Management Systems) and ISO/IEC 38500 (Governance of IT). These documents provide broader principles for quality and IT governance that align with the objectives of this standard.
- Rule: A formal directive governing behaviour or processes within a defined scope.
- Governance lifecycle: The structured stages through which a rule is proposed, approved, implemented, and enforced.
- Meta-rule: A rule that governs how other rules are created, amended, communicated, or retired.
- Rule Change Proposal Cycle: Activities that prepare evidence and logic for rule change, including monitoring, analysis, and reporting.
- Rule Implementation Cycle: Activities that operationalise an approved rule, including announcement, communication, and enforcement.
- Decision: A formal governance act to create, amend, or retire a rule, which triggers the Rule Implementation Cycle.
- Environmental Change: A shift in the external context that may require rule adaptation and triggers the Rule Change Proposal Cycle.
- Actors: Governance participants, including Rule Makers, Decision Makers, Rule Users, and Environment stakeholders.
The governance lifecycle is guided by principles that ensure integrity and adaptability. First, governance must separate strategic and operational functions into two distinct cycles: the Rule Change Proposal Cycle, which focuses on evidence and logic for rule change, and the Rule Implementation Cycle, which ensures effective operationalisation of approved rules.
Second, governance must recognise Decision and Environmental Change as distinct trigger points for lifecycle activity, with Environmental Change activating the Proposal Cycle and Decision activating the Implementation Cycle.
Third, transparency and auditability must be embedded at all stages. Evidence-based logic is non-negotiable; decisions must be traceable to monitoring and analysis outputs. Finally, governance must prioritise accessibility and behavioural enablement through effective communication, ensuring that rules are not only announced but understood and actionable.
The governance lifecycle comprises two interconnected cycles that operate recursively:
-
Rule Change Proposal Cycle: Environmental Change → Monitoring → Analysis → Reporting. This cycle ensures that rule changes are grounded in evidence and structured interpretation. Monitoring provides raw data, analysis converts data into insights, and reporting translates insights into decision-ready outputs. This entire cycle is activated by Environmental Change.
-
Rule Implementation Cycle: Decision → Announcement → Communication → Enforcement. This cycle operationalises approved rules. Announcement signals the existence of a rule, communication ensures comprehension and usability, and enforcement secures compliance. This entire cycle is activated by Decision.
Two trigger points govern the lifecycle: Decision, which activates implementation, and Environmental Change, which initiates monitoring and analysis and thereby activates the full proposal cycle. This dual-trigger design ensures governance remains adaptive to both internal and external dynamics.
Diagram Placeholder: A visual representation shall depict:
- Two cycles instead of clusters.
- Two trigger points mapped correctly to cycles.
- Actor ecosystem (Rule Makers, Decision Makers, Rule Users, Environment).
- Flow of dependencies between stages.
Each stage of the lifecycle must be governed by explicit meta-rules to ensure consistency and fairness. For example, Monitoring shall specify frequency, scope, and validation authority to prevent selective or biased data collection. Analysis shall define acceptable methods and independence requirements to safeguard objectivity. Reporting shall prescribe format, timing, and escalation paths to maintain clarity and timeliness.
Similarly, Decision shall define authority, quorum, and override logic to uphold legitimacy and trigger the Rule Implementation Cycle. Announcement shall specify timing and responsible parties, while Communication shall ensure accessibility, clarity, and multi-channel delivery. Enforcement shall define scope, escalation tiers, and proportionality to balance compliance with fairness. Environmental Change, occurring outside formal governance boundaries, must be recognised as the trigger for initiating the Rule Change Proposal Cycle.
These meta-rules transform governance from aspirational principles into operational reality.
The sequencing of stages is not arbitrary; it reflects governance logic. Environmental Change precedes Monitoring, because context must shift before new evidence-gathering begins. Monitoring precedes analysis because evidence is foundational. Analysis precedes reporting because interpretation must come before communication. Reporting precedes decision because governance bodies require structured outputs to act responsibly.
Similarly, Decision precedes Announcement, because a formal approval must occur before signalling. Announcement precedes communication because signalling existence comes before explanation. Communication precedes enforcement because comprehension is a prerequisite for compliance. This logic ensures that governance processes are coherent, defensible, and resistant to failure under stress.