This standard cannot be bought.

Foreningen Custorian. Danish non-profit. CVR 46399455.
Standard licensed CC BY-SA 4.0 — public even if the organisation dissolves.

Board of Directors of Foreningen Custorian. Nine seats. Composition: at most one seat for any commercial entity; the remainder drawn from academic researchers, civil-society organisations, hotline operators, independent child-safety experts, and an independent chair.

The foreningen does not certify platforms directly. Certification is issued by independent accredited Certification Bodies operating under a published scheme. The foreningen maintains the scheme and licenses the “Custorian Certified” trademark to qualifying bodies.

Advisory Board of 8–10 multidisciplinary experts — child rights, law, technology, academia, law enforcement, and a survivor & lived-experience perspective — including one youth representative (16–21). Advises on standard content and ethical oversight. Does not govern.

A separate commercial entity is planned to build production technology that implements the standard. Like any other vendor, it will be subject to certification on identical terms and hold zero vote on the standard. The standard remains usable by any implementer; no single vendor is privileged.

Ten firewalls will separate the foreningen from any commercial entity: board-composition cap (at most one commercial seat of nine), identical-terms certification, 30% single-funder cap, executive overlap limited to 24 months, biennial independent governance review, whistleblower channel to an external ombudsperson, revocable trademark licence. All decisions published with rationale. No pay-to-play.

Pre-publication: working draft → Dansk Standard Dialogue Meeting (31 August 2026) → Flex standard development. After publication: annual review with 30-day public comment; 48-hour emergency review for critical threats.

Each control is an auditable, measurable requirement that a digital service must implement to protect children. 130 are required for conformity. 9 are addressable. Full register: Annex A. Read on Zenodo.

The standard organises 139 controls into six functional domains. Each domain addresses a distinct dimension of child digital safety.

Age verification, age estimation, age-appropriate access, accuracy thresholds. 24 controls.

Algorithmic safeguards, dark patterns, recommender systems, content moderation. 32 controls.

Children's data minimisation, retention, encryption, profiling restrictions. 18 controls.

Parental dashboards, monitoring boundaries, age-graduated child autonomy, multi-guardian support. 18 controls.

Threat detection across seven categories, CSAM reporting, incident response. 30 controls.

Child Safety Officer, staff training, vendor management, regulatory mapping. 17 controls.