Phosra Spec / Capability
PCSS v1.0 — DraftPhosra Lens
Refracts content, AI, and privacy into safety bands.
What Lens does
One refractor for every tier-based safety law.
Every modern child-safety law turns on a tier. Civil-society raters band content by age. New York's S9051 sorts AI products into four risk levels. The EU's AADC scores privacy posture. California's SB 243 categorizes companion-AI exposure. Each platform implements them ad-hoc, and parents end up with seven different toggles for the same intuition.
Lens ingests tier signals from upstream raters — civil-society privacy programs, AI risk-tier rubrics, OS-level age bands, the content rating boards — refracts every request through the configured tier policy, and emits a clean Allow / Warn / Block decision plus the cited rule and source signal.
The same parental policy now works across DNS, MDM, app stores, browsers, and AI products. No bespoke logic per statute, no per-platform interpretation drift — one refractor, audited once, deployed everywhere.
How partners plug in
Lens is a socket. Tier signals flow in. Decisions flow out.
These are the upstream signals Lens refracts — either shipping today, in conversation with a partner, or pending an upstream API.
Standards & laws
What Lens does for each statute.
- KOSA — gates algorithmic feeds and content categories by the user's known age band, satisfying the duty-of-care content tier requirements.
- EU AADC — enforces the privacy posture tier on every connected service, defaulting minor accounts to the strictest configuration.
- NY S9051 — maps AI products to the four risk tiers and blocks tier-3/4 access for minors at the network and app-store layers.
- CA SB 243 — gates companion-AI exposure for minors and surfaces the “not for kids” signal at the moment of enforcement.
- COPPA 2.0 — applies tier-based content and AI restrictions for users under 13 and 17, in line with the FTC's expanded scope.
- Civil-society privacy programs — consumes Pass / Warning / Fail seals and treats them as first-class enforcement tiers across every connected platform.
Conformance
Adopter Tier 1 certification.
To ship Lens-conformance for an Adopter Tier 1 certification, your implementation must pass [draft] coming Q3 tests in the Lens conformance suite. The suite covers tier-signal ingestion, refraction-policy correctness, decision tracing, and cited-rule emission.
We are co-authoring the suite with our design partners. If you want a seat at the table while the bar is being set, reach out.
Rule list
The 21 rules Lens ships
Every rule below is implemented by this capability. Pulled directly from the rule registry.
- Content Rating — Applies content maturity ratings (MPAA, TV Parental, ESRB, PEGI, civil-society) to filter age-inappropriate media.
- Violence Threshold
- Sexual Content Threshold
- Profanity Threshold
- Commercial Pressure Threshold
- Substance Content Threshold
- Privacy Seal Allowlist — Fast-path allowlist for products carrying a recognized civil-society privacy or safety seal.
- Social Chat Control
- Web Filter Level — Sets the overall web filtering strictness level from permissive to highly restrictive.
- Privacy Tier Gate — Gates by an independent privacy-rating tier (Pass / Warning / Fail).
- Privacy Score Threshold — Parent-tunable numeric privacy score threshold from an independent rater (0–100).
- Privacy Dimension Gate — Per-dimension privacy floor (e.g., 'Data Sold' must pass) from an independent rating.
- Privacy Seal Required — Walled-garden mode requiring a recognized civil-society privacy seal.
- Unrated Privacy Default — Fallback policy for apps without an independent privacy evaluation.
- Ai Chatbot Tier Gate
- Ai Product Classification Gate
- Ai Dim Keep Kids Safe Threshold
- Ai Dim Data Responsibility Threshold
- Ai Dim Transparency Threshold
- AI Minor Interaction — Controls AI chatbot and generative AI interactions with minor users, enforcing safety guardrails.
- Streaming Age Rating Enforce