Non-certification and legal boundaries

Before relying on report output

Use this page before a private report, public report, PDF export, print export, ticket export, procurement pack or stakeholder summary is shared. WebRiskOps output should stay tied to observed technical evidence, product workflow status and supported next actions.

• Treat reports as evidence and workflow guidance
• Check `legal_boundary_status`, `publication_status`, `report_id` and `disclaimer_text` before sharing.
• Keep claims tied to the observed page, provider state, workflow status and generated evidence.
• Stop sharing when `LEGAL_NON_CERTIFICATION_BOUNDARY`, `LEGAL_BOUNDARY_REQUIRED`, `REPORT_PUBLICATION_BLOCKED` or `UNSAFE_CLAIM_WORDING` applies.

Confirm non-certification wording

Follow the path `Reports → Private report → Boundary wording → Public report or export → Supported next action`.

1. Open `/reports/{report}` before public sharing, PDF export, ticket export or procurement handoff. Result: report summary, findings, evidence and publication controls are visible before external output is created.
2. Check `legal_boundary_status` and `publication_status`. Result: the product shows whether boundary wording is ready or blocking publication.
3. Read `disclaimer_text` near the report summary or export controls. Result: the report is framed as technical evidence and workflow guidance, not a formal opinion, certification or complete assurance statement.
4. Confirm severity, confidence, evidence and recommendations are tied to observed scanner facts. Result: report content does not turn technical findings into formal compliance conclusions.
5. Remove wording that says certified, guaranteed compliant, audit-approved, vulnerability-free, buyer-approved or every issue found. Result: unsafe claims do not bypass publication gates.
6. Keep recommended next actions inside supported workflows such as fix tasks, ticket exports, retests, monitoring or evidence packs. Result: recipients see what can be done next without expanding product claims.
7. If the customer needs a formal opinion, certification, attestation or regulatory interpretation, stop the product handoff and use an external qualified process. Result: WebRiskOps evidence remains supporting material, not the decision itself.
8. Before creating a public report token, PDF, print copy or ticket export, verify the same boundary wording remains visible. Result: external recipients see the same limitation as the private report.
9. If unsafe wording is present, keep `LEGAL_NON_CERTIFICATION_BOUNDARY` or `LEGAL_BOUNDARY_REQUIRED` visible. Result: `REPORT_PUBLICATION_BLOCKED` prevents sharing until the wording is corrected.
10. Continue to Legal boundary wording or Publication gates after the boundary is ready. Result: report sharing uses the same evidence-based language across every output format.

Claims WebRiskOps can make

Use technical, scoped statements that reflect observed product evidence.

• The scanner observed a specific issue on a specific accepted URL.
• Evidence includes available screenshots, HTML snapshots, issue fingerprints, severity, confidence and provider state.
• A supported next action is available, blocked, retrying or complete.
• A report, export or evidence pack is based on the selected account, project, scan, report and workflow.
• A limitation exists because evidence is missing, scope is unsupported, personal data is blocked or provider access is unavailable.

Claims WebRiskOps must not make

Do not turn product output into broader assurance claims.

• Do not claim formal certification, attestation, audit opinion or regulatory approval.
• Do not claim complete coverage of every page, asset, dependency, vulnerability, legal requirement or buyer requirement.
• Do not claim a site, store, app, integration or organization is guaranteed safe, compliant or risk-free.
• Do not claim provider acceptance, customer acceptance or buyer approval unless the external party has provided that status.
• Do not remove limitation notes for missing evidence, unsupported scope, redaction, blocked provider delivery or expired artifacts.

Ready and blocked boundary states

Use these states before sharing report output outside the private workspace.

• Boundary ready means `legal_boundary_status` is ready and `disclaimer_text` appears on private and external-facing output.
• Publication ready means `publication_status`, `public_report_token` or `export_status` can proceed with boundary wording intact.
• Boundary required means `LEGAL_BOUNDARY_REQUIRED` must be resolved before export, publication or ticket delivery.
• Unsafe wording means `UNSAFE_CLAIM_WORDING` found certification, guarantee, complete-coverage or unsupported approval language.
• Publication blocked means `REPORT_PUBLICATION_BLOCKED` or `LEGAL_NON_CERTIFICATION_BOUNDARY` stops sharing until wording is corrected.

Continue after boundary review

When boundary wording is ready, continue to Publication gates, Public reports, PDF and print export or ticket export. Use Legal boundary wording for report-specific copy, Non-certification boundaries for assurance packs and Customer responsibilities when the customer must confirm authorization, scope and external decision ownership.