Agent Legal Context
The Standard

The Standard

The normative core: /.well-known/legal-context.json — one file, two required fields.

This is the normative core of the Agent Legal Context Protocol. A service implementing this standard publishes a JSON document at a well-known URI. The document points to the service's legal terms. The standard requires no specific technology.

Well-Known URI

A service implementing this standard MUST serve a JSON document at:

https://{domain}/.well-known/legal-context.json

The document MUST be served over HTTPS. The TLS certificate provides domain identity anchoring.

File Format

The discovery document MUST be valid JSON (application/json).

The legal terms referenced in legal-context.json MUST be a standalone file — a discrete, downloadable artifact. Not a section of a webpage. Not dynamically rendered HTML.

The file format does not matter: PDF, Word, Markdown, JSON, plain text, or any other format. The file being a self-contained, downloadable artifact is the requirement.

The file MUST be served via standard HTTP(S) GET. The server SHOULD include a Content-Type header declaring the file format.

Required Fields

{
  "version": "2.0",
  "terms": "https://example.com/terms/v3.pdf"
}
FieldTypeRequiredDescription
versionstringREQUIREDProtocol version. MUST be "2.0" for this specification.
termsstringREQUIREDAbsolute HTTPS URL of the legal terms document. MUST return a standalone, downloadable file.

Two fields. That is the entire normative requirement.

For services with only confidential or private terms, the terms URL MAY return a document stating that terms are provided at transaction time (see Transaction-Time Verification).

Serving Requirements

The discovery document MUST be served over HTTPS.

Clients SHOULD cache the discovery document for a period not exceeding 24 hours. Clients MUST re-fetch after cache expiry. Vendors MAY include standard HTTP cache headers (Cache-Control, ETag, Last-Modified).

Extensibility

The field set is extensible. Implementations SHOULD ignore fields they do not recognize. See Schema for the complete set of optional fields.

What the Standard Does Not Require

  • No hash required
  • No blockchain required
  • No API required
  • No cryptography required
  • No third-party service required
  • No on-chain primitives
  • No specific technology of any kind

Any company can adopt this standard in five minutes: create a JSON file, put it on your web server. Agents learn one convention for finding terms on any service. It works for a solo developer and for JPMorgan. Everything else builds on top voluntarily.

Next

  • Schema — complete field definitions
  • Examples — minimal, intermediate, and full configurations

Trust in Depth

The conceptual framework: Identity, Trust, and the Legal Foundations of Agentic Commerce

Schema

Complete field definitions for legal-context.json — required and optional fields.

On this page

Well-Known URIFile FormatLegal Terms Are a DocumentRequired FieldsServing RequirementsExtensibilityWhat the Standard Does Not RequireNext