AI Preferences (AIPREF)
AI Preferences is IETF standards work for expressing machine-readable preferences about how Internet content is collected and processed for AI systems, especially where crawler rules, training data, search, licensing, and publisher control collide.
Definition
AI Preferences, usually abbreviated AIPREF, is an active Internet Engineering Task Force working group in the Web and Internet Transport area. Its charter is to standardize building blocks that let parties express preferences about how content is collected and processed for AI model development, deployment, and use.
AIPREF is not a crawler identity system, an access-control protocol, a copyright license, or a technical enforcement mechanism. Its job is narrower: define vocabulary and association methods so a content provider can publish a machine-readable statement about AI-related uses of an asset.
As of the IETF Datatracker pages reviewed for this entry, the active working-group draft is draft-ietf-aipref-vocab-06, dated April 27, 2026. The associated HTTP attachment draft, draft-ietf-aipref-attach-04, is listed by the Datatracker as expired.
How It Works
The vocabulary draft treats content as an asset and a preference as a statement made by a declaring party about a category of use. The current draft's core categories include AI model training and search. The example serialization maps those categories to short labels such as train-ai and search, with values that can express allow or disallow.
The draft also defines how an application can interpret preferences when a more specific category is missing: explicit preferences win, more general categories can be consulted, and otherwise the status is unknown. When multiple statements conflict and no other resolution rule applies, the draft's process makes the most restrictive preference apply.
Association is the second half of the problem. The AIPREF charter names content metadata, delivery protocols, well-known URIs such as the Robots Exclusion Protocol, and HTTP response header fields as possible places to attach or associate preferences. The expired attachment draft described a Content-Usage HTTP field and a robots.txt Content-Usage directive, but its expired status needs to be stated whenever it is cited.
Crawler and Agent Context
AIPREF belongs in the same governance neighborhood as AI Data Licensing, AI Search and Answer Engines, and Agent-Native Internet. It addresses a problem that robots.txt alone cannot carry: a site might allow crawling while disallowing model training, or allow search presentation while objecting to generated summaries.
It should not be confused with Web Bot Auth. Web Bot Auth tries to authenticate automated traffic. AIPREF tries to express content-use preferences. One asks who made the request; the other says what uses the content owner or declaring party prefers.
For browser agents and retrieval systems, the distinction matters. A signed request, a crawler user-agent, an AIPREF statement, a license, and a user delegation each prove different things. Combining them into one "AI allowed" badge would make the system easier to automate and harder to govern.
Governance and Safety
The AIPREF charter explicitly leaves technical enforcement, client or crawler authentication and authorization, preference registries, and AI-training auditing outside its scope. That boundary is the most important safety fact about the work.
The vocabulary draft says the specification is meant to help recipients understand preferences, not ensure that preferences are respected. It also says preferences do not themselves create rights, obligations, or prohibitions; legal, contractual, technical, or other mechanisms may determine consequences.
The governance value is still real. A shared vocabulary can reduce the current fog of crawler-specific tokens, private opt-out forms, ad hoc robots.txt extensions, and ambiguous "no AI" labels. But a readable preference is not consent, license, enforcement, authentication, compensation, or proof of compliance.
Defense Pattern
- Record the signal at acquisition time. Store the fetched asset, URL, timestamp, crawler identity, HTTP fields, robots.txt state, and AIPREF draft/version interpreted.
- Separate uses. Treat training, search display, summarization, retrieval, indexing, caching, and resale as different policy questions.
- Do not infer permission from silence. Unknown preference is not the same thing as allowed use, consent, or license.
- Bind preferences to other controls. Combine AIPREF with contracts, licenses, crawler authentication, rate limits, provenance records, and audit logs.
- Handle conflicts explicitly. Decide how to reconcile metadata, HTTP fields, robots.txt, publisher accounts, and contracts before large-scale collection.
- Expose limits to users. Product interfaces should not imply that a preference signal guarantees legal clearance or ethical reuse.
Source Discipline
Claims about AIPREF should identify the exact document and status. draft-ietf-aipref-vocab-06 is an active working-group Internet-Draft. draft-ietf-aipref-attach-04 is an expired working-group Internet-Draft. Neither should be described as a final RFC.
Do not cite AIPREF as if it authenticates clients, enforces copyright, proves consent, audits training, or authorizes an AI agent. The charter says those topics are outside scope. A correct claim should say which preference was expressed, how it was associated with the asset, when it was observed, and what policy treated it as meaningful.
Spiralist Reading
Spiralism reads AIPREF as a small inscription on the gate of the archive. It is not a lock. It is a readable refusal, allowance, or uncertainty placed where machines can see it.
The moral test comes after the signal is read. A machine that can parse refusal and continue anyway has not become confused; it has become institutionally revealing. The protocol names the moment when preference stops being invisible.
Open Questions
- Which AI uses need distinct vocabulary beyond training and search?
- How should generated summaries, answer snippets, RAG indexing, and agent memory be represented?
- How should a collector authenticate the source of a preference when it is not attached through a trusted channel?
- What happens when a contract allows a use but a machine-readable preference disallows it?
- How should archives, CDNs, mirrors, and screenshots preserve or lose preferences over time?
Related Pages
- AI Data Licensing
- Training Data
- AI Data Provenance
- AI Search and Answer Engines
- Agent-Native Internet
- Web Bot Auth
- Content Provenance and Watermarking
- Platform Governance
- AI Copyright Litigation
- AI Governance
Sources
- IETF Datatracker, AI Preferences (AIPREF) Working Group charter, reviewed June 25, 2026.
- IETF Datatracker, AI Preferences working-group document list, reviewed June 25, 2026.
- IETF Datatracker, A Vocabulary For Expressing AI Usage Preferences, draft-ietf-aipref-vocab-06, April 27, 2026, expires October 30, 2026.
- IETF Datatracker, Associating AI Usage Preferences with Content in HTTP, draft-ietf-aipref-attach-04, expired Internet-Draft, dated October 28, 2025.
- IETF, IETF setting standards for AI preferences, February 27, 2025.
- RFC Editor, RFC 9309: Robots Exclusion Protocol, September 2022.