What Does ODRL Mean? A Cross-Level Ontological Grounding of Permissions, Prohibitions, and Duties in UFO-L

Bridging Policy and Ontology: Why ODRL’s Grounding in UFO-L Matters for AI Governance

A new paper on arXiv tackles a fundamental blind spot in digital rights management: current ODRL (Open Digital Rights Language) policy evaluators can determine whether an action is permitted, prohibited, or obligated, but they remain silent on the deeper normative and social structures those policies presuppose. The researchers propose grounding ODRL’s core concepts—permissions, prohibitions, and duties—in UFO-L, a foundational ontology for legal relations. This cross-level grounding aims to answer questions ODRL currently cannot: What normative positions does a policy create? What authority structures do those positions rely on? And crucially, who has the power to declare a norm violated?

What the Research Actually Does

The paper does not propose a new policy language. Instead, it performs an ontological analysis that maps ODRL’s abstract constructs to the richer conceptual framework of UFO-L, which itself draws on legal theory and social ontology. By doing so, the authors expose implicit assumptions in ODRL—for example, that a “prohibition” implies an authority capable of issuing and enforcing that prohibition, and that a “duty” presupposes a counterparty with a corresponding claim-right. This is not merely philosophical housekeeping; it has direct implications for how policies are authored, interpreted, and contested in multi-stakeholder environments.

Why This Matters Now

As AI systems increasingly operate under complex policy regimes—from data usage licenses to model behavior constraints—the gap between policy specification and normative reality becomes dangerous. An ODRL policy might state “the model must not generate harmful content,” but it cannot express who has standing to determine what “harmful” means, or what happens when the duty is breached. Without this grounding, AI governance frameworks risk being brittle: they enforce rules without understanding the social and legal context that gives those rules meaning.

For AI practitioners, this research highlights a critical vulnerability in current policy engineering. When we deploy AI systems governed by ODRL-like policies, we are implicitly relying on unexamined assumptions about authority, normativity, and enforcement. The paper’s approach offers a path toward more robust policy frameworks that can handle disputes, exceptions, and evolving interpretations—capabilities essential for high-stakes AI applications in healthcare, finance, or law.

Implications for AI Practitioners

First, this work suggests that current policy languages may be insufficient for AI governance at scale. Practitioners should consider whether their policy infrastructure can represent not just what is allowed, but who decides and under what authority. Second, the UFO-L grounding provides a template for building more expressive policy systems that can model normative positions explicitly—a capability that becomes critical when AI systems interact with legal frameworks like GDPR or HIPAA. Third, the paper implicitly warns against treating policies as self-contained logical rules; they are embedded in social and institutional contexts that must be modeled for reliable operation.

Key Takeaways

• ODRL’s current evaluators determine compliance but cannot represent the authority structures, normative positions, or enforcement powers that policies presuppose.
• Grounding ODRL in UFO-L reveals hidden assumptions about who holds power to interpret and enforce norms—a gap that undermines AI governance in multi-stakeholder contexts.
• AI practitioners should audit their policy frameworks for implicit authority claims and consider whether their systems can handle contested interpretations of rules.
• Future AI governance tools should integrate ontological grounding to model not just policy content, but the social and legal context that gives policies meaning and enforceability.