SPUR welcomes the CoMP specification and the work IAB Tech Lab has done to standardise the content access negotiation layer. Our comments focus on two structural gaps that we believe undermine the spec's own stated goals.
What we are asking or
Content owners need to know how their content is being used by AI systems. CoMP defines how an AI system accesses content - the permissions, the licensing terms, the retrieval endpoints. But it provides no mechanism for a content owner to specify where usage data should be sent back. Without this, the terms negotiated through CoMP cannot be verified, and commercial arrangements driven by actual usage data cannot develop.
We are not asking CoMP to become a reporting specification - but we are asking CoMP to include the structural hook that connects the access layer to a content owner's reporting infrastructure.
Specifically:
A field in the Retrieval or Package object where the content owner can specify a reporting or telemetry endpoint. This is analogous to the existing endpoint field but for data flowing back to the publisher rather than out to the AI system. CoMP does not need to define what is sent to this endpoint - only that the content owner can declare one.
Guidance on citation format and verification. If citation is a field in the spec, the spec should indicate how citation compliance can be verified, even if the verification mechanism itself is defined elsewhere. See my previous comment for my concerns on resdis and citation declaration.
The spec should either define its own identity requirements for content-requesting AI systems or clarify how the existing Tech Lab Agent Registry will be extended to cover them. Without this, the identity layer is effectively non-functional for CoMP's stated purpose.
Reporting
The spec places reporting out of scope, then twice "strongly recommends" that content owners receive usage reporting from AI systems. We think this is the right instinct - but the spec as written provides no technical mechanism for a content owner to act on it.
The Retrieval object defines auth, endpoint, and type - everything an AI system needs to access content. There is no equivalent field for the content owner to specify where usage data should be sent back. A reporting_endpoint field (or similar) in the Retrieval or Package object would link the access layer to the content owner's reporting delivery mechanism.
The citation field is binary (0 or 1) with no verification path. A content owner can require citation but has no way to confirm it occurred, no way to specify how it should be formatted, and no channel through which citation events are reported.
The resdis field (results displayed to a human) is declared by the AI system at time of access, before inference. Combined with the absence of reporting, content owners have no way to observe whether the terms of access are being honoured and limited ability to negotiate commercial terms driven by actual usage data.
Identity
The id field in the AISystem object references the "Tech Lab Agent Registry," which is currently scoped to the agentic advertising ecosystem. The AI systems that would use CoMP to access publisher content - search engines, LLM providers, AI assistants - are not advertising agents and do not participate in the programmatic supply chain.
Given the importance of this identity to the rest of the permissions, licensing, and access process - will Tech Lab be expanding the scope of the agent registry? Providing guidance on the agent registration process?
Submitted on behalf of the SPUR Coalition
SPUR welcomes the CoMP specification and the work IAB Tech Lab has done to standardise the content access negotiation layer. Our comments focus on two structural gaps that we believe undermine the spec's own stated goals.
What we are asking or
Content owners need to know how their content is being used by AI systems. CoMP defines how an AI system accesses content - the permissions, the licensing terms, the retrieval endpoints. But it provides no mechanism for a content owner to specify where usage data should be sent back. Without this, the terms negotiated through CoMP cannot be verified, and commercial arrangements driven by actual usage data cannot develop.
We are not asking CoMP to become a reporting specification - but we are asking CoMP to include the structural hook that connects the access layer to a content owner's reporting infrastructure.
Specifically:
A field in the Retrieval or Package object where the content owner can specify a reporting or telemetry endpoint. This is analogous to the existing endpoint field but for data flowing back to the publisher rather than out to the AI system. CoMP does not need to define what is sent to this endpoint - only that the content owner can declare one.
Guidance on citation format and verification. If citation is a field in the spec, the spec should indicate how citation compliance can be verified, even if the verification mechanism itself is defined elsewhere. See my previous comment for my concerns on resdis and citation declaration.
The spec should either define its own identity requirements for content-requesting AI systems or clarify how the existing Tech Lab Agent Registry will be extended to cover them. Without this, the identity layer is effectively non-functional for CoMP's stated purpose.
Reporting
The spec places reporting out of scope, then twice "strongly recommends" that content owners receive usage reporting from AI systems. We think this is the right instinct - but the spec as written provides no technical mechanism for a content owner to act on it.
The Retrieval object defines auth, endpoint, and type - everything an AI system needs to access content. There is no equivalent field for the content owner to specify where usage data should be sent back. A reporting_endpoint field (or similar) in the Retrieval or Package object would link the access layer to the content owner's reporting delivery mechanism.
The citation field is binary (0 or 1) with no verification path. A content owner can require citation but has no way to confirm it occurred, no way to specify how it should be formatted, and no channel through which citation events are reported.
The resdis field (results displayed to a human) is declared by the AI system at time of access, before inference. Combined with the absence of reporting, content owners have no way to observe whether the terms of access are being honoured and limited ability to negotiate commercial terms driven by actual usage data.
Identity
The id field in the AISystem object references the "Tech Lab Agent Registry," which is currently scoped to the agentic advertising ecosystem. The AI systems that would use CoMP to access publisher content - search engines, LLM providers, AI assistants - are not advertising agents and do not participate in the programmatic supply chain.
Given the importance of this identity to the rest of the permissions, licensing, and access process - will Tech Lab be expanding the scope of the agent registry? Providing guidance on the agent registration process?
Submitted on behalf of the SPUR Coalition