OpenCompliance now makes the actor model explicit across evidence claims, signed manifests, and witness receipts. That means system exports, human owners, delegated approvers, verifier services, and independent witnesses are no longer flattened into one generic “signed by someone” bucket.
Machine evidence still starts with deterministic source exports. These claims now reference the explicit oc.trust.system-export policy and must match a published connector-ingress profile instead of relying on an implicit “it came from a bot” assumption.
Some claims should still be direct owner statements. Training completion and restore-test attestations stay in this lane, with signer role and signed time carried explicitly.
Operational governance claims often come from delegated approvers rather than from a single top owner. These claims now carry `delegatedBy`, `delegationScope`, signer role, and a trust policy that says delegation is required.
Public signed-artifact manifests now carry a verifier-service identity and trust-policy reference so release signing is not described as a generic key-holder action. The registry now also distinguishes the synthetic reference signer from the environment-override path for non-synthetic publication.
Witness receipts now carry a dedicated witness identity and trust-policy reference. That keeps rerun verification separate from the verifier service that produced the original bundle, and the release line now publishes a corresponding trust-root profile for the release-attestation witness path.
The trust-policy registry lives in the public specs repo and records the actor kinds, signer kinds, required signer roles, and whether delegation is mandatory for a given surface.
System evidence now has one more public contract to satisfy: the source system, collection method, and source-path prefix must match a published connector-ingress profile keyed to the actor identity. That turns system ingress into a visible machine-checkable boundary instead of an untyped bot assertion.
The public specs now also publish the release-trust-root registry. That registry says which signer and witness identities are synthetic reference roots, which profile represents the environment-override path, and which trust policy still governs each lane.
The public evidence-claim schema now carries `trustPolicyRef`, actor role, signer role, signed time, and delegation metadata where required.
The public schema examples now show both the simple system-export case and a delegated-approver attestation case instead of only one flattened example.
The signed release manifest now carries a verifier-service identity and trust-policy reference.
Witness receipts now carry an independent-witness identity instead of leaving the replay witness implied.
This is still not live identity verification. The current public corridor uses synthetic identities and roles by default so the artifact shapes can be inspected and replayed without leaking private organisations or credentials, even though the release line now also publishes the environment-override path for non-synthetic roots.
The distinction between owner, delegated approver, verifier, and witness is what prevents every artifact from looking equally authoritative when they are not. That is one of the core differences between a proof-carrying compliance layer and a polished checklist UI.