Certification Scheme Rules v0.1

Status: Draft. Governs all certificates issued from first issuance; written to satisfy ISO/IEC 17065 (see Appendix A cross-reference) ahead of accreditation. Date: June 11, 2026 Companion documents: Protocol Specification (the normative technical basis), Fee Schedule.

The key words MUST, MUST NOT, SHOULD, and MAY are to be interpreted as described in RFC 2119. “The Scheme” means these rules. “The CB” (certification body) means Snevara’s certification function as defined in §3.

1. Purpose and scope

1.1 What this scheme certifies

A certificate under this Scheme attests traceability facts: that a defined product scope’s supply-chain events were captured, verified, and continuously reconciled in conformance with the Snevara Traceability Protocol at a stated tier (T1–T4) and custody model (IP/SG/MB), within a stated scope of facilities and origin classes.

1.2 What this scheme does NOT certify

A certificate under this Scheme is not an attestation of: food safety or product quality beyond the measurements named in the certificate scope; labor conditions; environmental performance; nutritional or health properties; or regulatory compliance of the client generally. Every certificate and every fact sheet MUST carry the scope statement and the “NOT VERIFIED” enumeration (Protocol §11.1). A client communication that attributes uncovered meanings to the certificate is a nonconformity (§8.4).

1.3 Certification basis

The normative basis for any certificate is, in order of precedence:

These Scheme Rules (versioned);
The Protocol Specification (versioned, currently v0.1);
The applicable Category Profile (versioned, e.g., honey/0.1).

The versions in force for a given certificate are fixed at each (re)certification decision and stated on the certificate. Migration between versions follows §10.

1.4 Open access and implementation neutrality

Certification under this Scheme MUST be available to any applicant whose systems conform to the Protocol Specification, regardless of whether the applicant uses Snevara’s platform or a third-party/self-built implementation of the open protocol. Access to certification MUST NOT be conditioned on the purchase of any other Snevara product or service. Conformance of a non-Snevara implementation is evaluated against the protocol’s published test vectors and anchoring/inclusion-proof requirements at the applicant’s cost.

2. Definitions

Term	Meaning
Client	The legal entity holding or applying for a certificate.
Scope of certification	The tuple (client, facilities, category profile, origin classes, tier, custody model) a certificate covers.
Evaluation	All activities determining conformance: data review, reconciliation analysis, audits, sampling, lab results.
Decision	The formal grant, refusal, maintenance, suspension, withdrawal, or scope change of certification — made by a person who did not perform the evaluation.
Surveillance	Ongoing evaluation after issuance: continuous reconciliation, random sampling, scheduled and unannounced audits.
Suspension	Temporary, reversible removal of `active` status.
Withdrawal (revocation)	Permanent termination of a certificate for its scope.
Complaint	Information from any party alleging a problem with a certified product, a client, or the CB.
Appeal	A client’s formal request to reconsider a Decision.
IAC	Impartiality and Appeals Committee (§3.4).

3. Governance, impartiality, and independence

3.1 Legal structure and the platform/certifier question

Snevara both supplies a traceability platform and certifies against the protocol that platform implements. This is a structural impartiality threat and is managed openly rather than denied:

Now (pre-accreditation): the certification function operates as a separate business unit with its own management line, budget, and records (“the CB”). Platform sales, support, and development personnel MUST NOT perform evaluations or make Decisions.
Before accreditation application: the CB is moved into a separate Indian legal entity. The accreditation body’s assessment of this structure is expected and welcomed.
Always: §1.4 (implementation neutrality) ensures the CB certifies protocol conformance, not platform usage. Platform support is product support; it is not consultancy on how to achieve certification.

3.2 Prohibited activities

The CB and its personnel MUST NOT:

provide consultancy to clients or applicants (designing their supply-chain processes, pre-arranging their data to pass, advising how to remediate beyond stating the nonconformity and the requirement);
certify a scope in which the CB, its personnel, or Snevara holds a commercial interest in the products themselves;
receive any payment, gift, or benefit from a client outside the published fee schedule.

Stating what requirement failed and what evidence would demonstrate conformance is not consultancy; proposing how to reorganize the client’s operation is.

3.3 Fee independence (restated as a scheme requirement)

All fees are fixed in advance, published, and payable regardless of outcome (§9).
No CB or Snevara employee’s compensation may depend on any client’s certification outcome or retention.
Evaluation personnel MUST NOT know the revenue significance of the client they are evaluating beyond what is operationally unavoidable.

3.4 Impartiality and Appeals Committee (IAC)

Composition (target): ≥ 3 members independent of Snevara’s ownership and management: one certification/TIC-industry expert, one category/technical expert (e.g., food authenticity scientist), one consumer- or buyer-interest representative. Members are publicly named, serve fixed renewable terms, and disclose conflicts per matter.
Functions: annual impartiality threat review (published in the transparency report, §7.4); hearing appeals (§8.3); reviewing any Decision the scheme manager refers as conflict-sensitive.
Staged implementation (honest version): until the IAC is constituted (deadline: before the first certification Decision under accreditation; target Q1 2027), appeals are heard by an external independent reviewer under contract, named publicly, with the same powers as the IAC for appeal purposes. Certificates issued in this period state it (§10.3).

3.5 Personnel independence and rotation

The Decision-maker for a certificate MUST NOT have performed any part of its evaluation, and MUST NOT have had a commercial relationship with the client within 2 years.
A lead auditor MAY conduct at most 3 consecutive annual audits for the same client, then MUST rotate off for ≥ 2 cycles.
Spot auditors and samplers are assigned per engagement; assignment for unannounced activities is not disclosed in advance to anyone outside the CB, including Snevara platform staff.
Any person MAY recuse, and MUST recuse upon a conflict; recusals are recorded.

3.6 Confidentiality

CB personnel and subcontractors are bound to confidentiality covering all non-public client information (quantities, prices, supplier graphs, unpublished exceptions under investigation). Disclosures legally compelled by authorities are made as required; the client is informed unless the law prohibits it. Public information is defined exhaustively in §7.

4. Personnel competence

Role	Minimum competence requirements
Application reviewer	Protocol training (certified internal curriculum + exam); category profile knowledge
Reconciliation analyst	Protocol training; demonstrated proficiency on the invariant engine and exception triage (supervised period: 20 cases)
Lead auditor	Recognized audit training (e.g., ISO 19011 basis); category expertise; protocol training; ≥ 2 witnessed audits before solo lead
Origin spot auditor	Protocol training (capture, sealing, sampling); category field knowledge; ≥ 1 witnessed visit
Sampler	Protocol §10.4 and sample chain-of-custody training; independence from client (MUST NOT be client personnel)
Decision-maker	All of the above curricula at familiarization level; scheme rules examination; appointment by CB management, recorded

Competence records (training, witnessed activity, authorizations per category profile) are maintained per person. Authorization is per category profile — a honey-authorized auditor is not thereby coffee-authorized.

4.1 Subcontracting

Laboratories MUST hold ISO/IEC 17025 accreditation covering the methods used (category profile panel). Labs receive samples identified by code, not client name, wherever method requirements permit.
Field auditors/samplers MAY be contractors under written agreements imposing §3 (impartiality, confidentiality) and §4 (competence) in full. The CB retains responsibility for all subcontracted work; the Decision is never subcontracted.

5. The certification process

5.1 Application

The applicant submits: legal identity; requested scope (facilities, category profile, origin classes, tier, custody model); implementation declaration (Snevara platform or third-party per §1.4); device inventory with classes; registered processes with yield intervals; supplier/origin facility list for the scope.

Application review confirms the request is within the Scheme’s published scope, the category profile exists, and the applicant’s structure can in principle meet the tier’s requirements (e.g., T3 requested but origin facilities unregistered → returned with the gap stated). Review outcome and reasons are recorded.

5.2 Initial evaluation

All of the following MUST be completed:

Live data window. The scope MUST operate under full protocol capture, with all invariants (Protocol §7) enforced, for ≥ 60 days AND ≥ 1 complete production cycle through the scope (origin → packed unit for the tier requested), before a certificate can be decided. Critical exceptions during the window MUST be resolved; their occurrence does not bar certification — unresolved ones do.
Initial on-site audit of each facility in scope: process walkthrough against registered processes; device verification (classes, calibration); seal stock control; physical inventory count reconciled against declared inventory (activates Protocol I-5).
Origin verification (T3+): registration checks of origin facilities; an initial spot-visit sample (≥ 10% of origin facilities or 3, whichever is greater).
Forensic baseline (T4): the category profile’s lab panel executed on a verifiable-random selection from window lots at the profile rate (minimum 2 lots).
Third-party implementations (§1.4): protocol conformance evaluation (test vectors, anchoring proofs, event signing) before the data window begins.

The evaluation output is a written report: conformity per requirement, nonconformities (classified minor/major), and unresolved exceptions.

5.3 Review and decision

A Decision-maker (per §3.5) reviews the application, evaluation report, and reconciliation record, and decides: grant / grant with reduced scope or lower tier / refuse.
Refusals and reductions state reasons in writing. A refused applicant may reapply at any time after addressing the stated grounds; the data-window requirement restarts only to the extent the gaps require.
The decision record (who, what, when, basis) is retained per §7.5.

5.4 Certificate issuance and content

The certificate states: client; scope (facilities, category profile + version, origin classes); tier × custody model; Scheme/Protocol/profile versions; issue date; certification-cycle expiry (§5.5); the live status URL; the accreditation status line (§10.3); and the scope-limits statement (§1.2). Issuance includes the mark license (§6) and publication in the public registry.

5.5 Certification cycle and surveillance

Cycle: 3 years from initial decision, subject at all times to continuous status (below). Recertification (full §5.2-equivalent evaluation) is required before each new cycle.
Continuous surveillance (the scheme’s distinguishing feature): 100% of lots reconciled against the invariants in near-real-time; certificate status is a continuous function of the rolling compliance window (Protocol §10.1), not an annual snapshot.
Periodic surveillance: annual on-site facility audit (with stock count); unannounced origin spot audits and verifiable-random lab sampling at the profile rates (Protocol §10.3–10.4), with post-exception escalation rates as specified there.
A client’s refusal or obstruction of any surveillance activity (audit access, sampling, unannounced visits) is grounds for immediate suspension and, if unremedied within 30 days, withdrawal.

5.6 Changes

Client-initiated: scope extensions (new facilities, origin classes, tier upgrades) require evaluation of the delta; tier upgrades additionally require the new tier’s data-window evidence. Custody model changes are scope changes.
Client notification duties. The client MUST notify the CB within 72 hours of: known or suspected adulteration/fraud touching the scope; recalls; loss of control of signing keys or seal stock; insolvency events; changes to registered processes or major suppliers. Late notification of a reportable event is a major nonconformity.
Scheme-initiated: profile or protocol version migrations per §10.

5.7 Suspension

Automatic: any unresolved critical exception in scope (Protocol §9.1) suspends the certificate within 24 hours, publicly. This is not discretionary and not stayed by appeal (§8.3).
Discretionary: accumulation of unresolved major nonconformities; mark misuse (§6.3); fee non-payment after 30-day notice; obstruction (§5.5).
During suspension the client MUST NOT apply the mark to new production and MUST NOT represent the scope as certified. Maximum suspension: 90 days, after which the Decision-maker MUST either reinstate (on resolution) or withdraw.

5.8 Withdrawal (revocation)

Grounds:

LAB_ADULTERATION_CONFIRMED attributable to the client’s scope;
demonstrated falsification of events, evidence, seals, or inventory declarations;
≥ 3 suspensions within 12 months from the same root cause;
unresolved suspension at the 90-day limit;
obstruction per §5.5; persistent mark misuse per §6.3.

Effects: permanent loss of the certificate for the scope; registry status revoked with stated grounds-class; mark removal from new production immediately and from client communications within 5 business days; re-application for the same scope barred for 12 months (grounds 1–2) or 6 months (others), and any re-application is treated as initial certification with a doubled data window. Withdrawal decisions are made by a Decision-maker uninvolved in the underlying evaluation and are appealable (§8.3).

5.9 Voluntary termination

A client may terminate at any time; status becomes withdrawn (voluntary) — publicly distinct from revocation — and mark-removal duties apply as in §5.8.

6. Certification mark and claims of conformity

6.1 The mark

The mark is a registered certification trademark, licensed (not assigned) to clients for the certified scope only, for the duration of active status. Every use on product MUST be accompanied by: the tier × custody model designation and the scannable unit QR resolving to the live fact sheet.

6.2 Claim language

Permitted: factual restatements of the certificate (“Origin verified to apiary level — T4-IP — see fact sheet”).
Prohibited: paraphrase into evaluative or aspirational language attributed to the certificate — “ethical”, “sustainable”, “responsible”, “clean”, scores, or rankings “as certified by Snevara”. Clients remain free to make their own marketing claims on their own authority — they may not put them in the Scheme’s mouth.
An MB-scope certificate MUST NOT be presented as a per-unit content claim (Protocol §6.3).

6.3 Misuse enforcement

Notice with 10-business-day cure → major nonconformity → suspension → withdrawal (persistent/willful), in escalating order, plus trademark enforcement for use by non-clients or after withdrawal. Detected misuse and its outcome appear in the transparency report (§7.4).

7. Information: public, confidential, records

7.1 Public, always

Scheme Rules and all versions; Protocol and profiles; fee schedule; the registry of all certificates including suspended, withdrawn, and revoked, with status history and grounds-class; the methodology; annual transparency report; IAC membership.

7.2 Public, per product

The fact sheet content defined in Protocol §11.1 — including the NOT VERIFIED enumeration and inconclusive lab results.

7.3 Confidential

Commercial quantities, prices, supplier graphs, PO contents, exception investigations in progress (until resolved), audit working papers. Confidentiality survives termination.

Personal data is handled per India’s Digital Personal Data Protection Act, 2023 and — where personal data of EU data subjects is processed — the GDPR. The protocol’s architecture (off-chain data, on-chain salted commitments only; Protocol §5.2) is designed to satisfy both, including erasure requests.

7.4 Annual transparency report

Published yearly: applications received/granted/refused; certificates by tier and category; suspensions and withdrawals with grounds-classes; exception statistics by code; sampling volumes and lab outcome distribution (including suspicious and inconclusive counts); appeals filed and outcomes; impartiality review summary; the pass rate — a certifier that never fails anyone is publishing its own indictment.

7.5 Records

All applications, evaluations, decisions, surveillance records, exceptions, disputes, appeals, and mark-use records retained 10 years from record creation (exceeding EUDR’s 5-year and typical food-safety retention requirements), in a form allowing reconstruction of any certificate’s full history against anchored data.

8. Complaints and appeals

8.1 Complaints (anyone may complain)

Channels: public web form (linked from every fact sheet’s REPORT A PROBLEM), email, post. Anonymous complaints are accepted and assessed on evidence.
Acknowledgment within 5 business days; the complainant receives the outcome (within confidentiality limits) when investigation closes.
A complaint alleging product non-conformance is triaged into the exception process (Protocol §9) — i.e., a substantiated consumer complaint can suspend a certificate exactly like an internal detection. Complaints about the CB itself go to the scheme manager and are reported to the IAC.

8.2 No-retaliation

Adverse action by a client against a complainant (e.g., a supplier or employee who reported) is itself a major nonconformity.

8.3 Appeals (clients, against Decisions)

Filed in writing within 14 days of the Decision; free of charge.
Heard by the IAC (or the contracted independent reviewer during the §3.4 staging period); no person involved in the contested evaluation or Decision participates.
Target resolution: 45 days. The appellant may submit evidence and be heard.
Appeals do not stay automatic suspensions (§5.7): registry truthfulness outranks client convenience. Appeals do stay withdrawal effects other than suspension, pending the outcome, except in grounds-1/2 cases (confirmed adulteration/falsification).
Outcomes: uphold / overturn / remand for re-evaluation; published in summary in the transparency report. IAC appeal outcomes bind the CB.

8.4 Client-side claim disputes

Disputes about whether a client’s marketing exceeds §6.2 are decided by the scheme manager, appealable like any Decision.

9. Fees

Published schedule, structure fixed by these rules:

Component	Basis
Application & review	Fixed per scope
Initial evaluation	Fixed per facility + per origin-facility sample visit; travel at documented cost
Certification decision & issuance	Fixed
Annual surveillance	Fixed per facility per year
Lab sampling	Per-sample at lab cost + published handling margin
Scope changes	Fixed per delta type
Appeals	Free

Invariants: no component is contingent on outcome; no volume rebates tied to passing; no expedite fees that bypass any evaluation step (expedite MAY purchase scheduling priority only). Fee changes apply from the client’s next cycle, never retroactively.

10. Versioning, transition, accreditation status

10.1 Scheme versioning

These rules are versioned; the version governing a certificate is fixed at its most recent (re)certification Decision. Rule changes that tighten requirements take effect for existing certificates at their next annual surveillance, with a minimum 90-day notice; loosening changes may apply immediately.

10.2 Protocol/profile migrations

Profile version migrations specify a grace window (default 180 days) during which either version satisfies surveillance. Invariant-affecting changes never apply retroactively to already-anchored events.

10.3 Accreditation status disclosure

Accreditation is sought from NABCB (the National Accreditation Board for Certification Bodies, under the Quality Council of India), which accredits to ISO/IEC 17065 and has been an IAF MLA signatory for that standard since 2013 — NABCB-accredited certificates therefore carry international recognition, including with EU and US buyers. Until the CB holds this accreditation for this Scheme, every certificate, the registry, and the mark license MUST state: “Issued by a certification body not yet accredited; methodology public at [URL].” Upon accreditation, certificates issued under accreditation are distinguished in the registry. No certificate issued pre-accreditation may be represented as accredited.

10.4 Succession

If the CB ceases operation, clients are notified, the registry remains published read-only for ≥ 5 years (status frozen with a cessation notice), and clients may present their anchored event history to any successor certifier — the open protocol and public anchoring exist precisely so the facts outlive the certifier.

Appendix A — ISO/IEC 17065 cross-reference (for the accreditation gap analysis)

ISO/IEC 17065 clause	These rules
4.1 Legal and contractual matters	§3.1, §5.4 (license), §10.4
4.2 Management of impartiality	§3.1–3.5
4.3 Liability and financing	§9; errors & omissions insurance (policy to be referenced here when bound)
4.4 Non-discriminatory conditions	§1.4, §9
4.5 Confidentiality	§3.6, §7.3
4.6 Publicly available information	§7.1–7.2
5.1 Organizational structure	§3.1, §3.5
5.2 Mechanism for safeguarding impartiality	§3.4 (IAC)
6.1 Personnel	§4
6.2 Resources for evaluation (incl. outsourcing)	§4.1
7.1–7.4 Application, review, evaluation	§5.1–5.2
7.5 Review / 7.6 Decision	§5.3
7.7 Certification documentation	§5.4
7.8 Directory of certified products	§7.1 (registry)
7.9 Surveillance	§5.5
7.10 Changes affecting certification	§5.6, §10
7.11 Termination, reduction, suspension, withdrawal	§5.7–5.9
7.12 Records	§7.5
7.13 Complaints and appeals	§8
8 Management system	To be implemented as the CB’s QMS (separate manual; not duplicated here)

Known gaps to close before the NABCB application: constituted IAC (§3.4 staging), separate Indian legal entity (§3.1), bound E&O policy reference (4.3), QMS manual (clause 8).

Appendix B — Certificate template (fields)

SNEVARA CERTIFICATE OF SUPPLY-CHAIN TRACEABILITY
Certificate no. · Client (legal name, registry no.)
Scope: facilities (ids, GLNs) · category profile + version · origin classes
Certification: TIER × CUSTODY MODEL
Basis: Scheme Rules vX · Protocol vX · Profile vX
Issued · Cycle expiry · Live status: [URL]
Accreditation status line (§10.3)
Scope limits: this certificate attests traceability facts only (§1.2);
see the NOT VERIFIED enumeration on each product fact sheet.
Decision record ref. · Signature (Decision-maker, CB)

End of Certification Scheme Rules v0.1.

Snevara Certification Scheme Rules v0.1 (Draft)