diff --git a/PROJECT_STATES.md b/PROJECT_STATES.md
new file mode 100644
index 0000000..c8518f3
--- /dev/null
+++ b/PROJECT_STATES.md
@@ -0,0 +1,127 @@
+# CDCF Project States
+
+| | |
+|---|---|
+| **Version** | v0.1 (draft for community review) |
+| **Status** | Working draft — pending publication to foundation website |
+| **Scope** | All projects submitted to or hosted within the CDCF ecosystem |
+| **Relationship** | Companion to [CDCF Project Vetting Criteria v0.1](https://github.com/CatholicOS/foundation-docs/blob/main/ai-governance/ai-vetting-criteria.md) |
+| **Origin** | CDCF board and advisory council review session, Wednesday, March 11, 2026 |
+
+---
+
+## Origin of This Document
+
+This document captures decisions and language confirmed during the CDCF board and advisory council review of the governance framework on Wednesday, March 11, 2026. Every decision in the table below derives directly from that session.
+
+| Decision | Source |
+|---|---|
+| Change scope from "AI governance" to "project governance" — AI tools are among the projects vetted, not the only ones | Fr. John R. D'Orazio, Vice Chair and Lead Developer |
+| The Church needs one shared meaning of "vetted" that works everywhere, from the Holy See down to a rural parish — this constraint originated the two-gate model | Fr. John R. D'Orazio, Vice Chair and Lead Developer |
+| Framework is versioned and iterable — publish after review period, revise based on community feedback | Fr. John R. D'Orazio, Vice Chair and Lead Developer |
+| Gate 1 = the why (theological/mission alignment); Gate 2 = the how (technical/operational deployment) | Diglio Simoni, Technical Advisory Council |
+| Gate 1 is CDCF's differentiator from secular incubators — "not everything that can be done should be done" | Diglio Simoni, Technical Advisory Council |
+| CDCF is not providing church oversight — it means committed Catholics across disciplines have reviewed a project against defined benchmarks | Taylor Black, President |
+| Projects in the ecosystem do not all need to go through vetting — make project states explicit | Taylor Black, President |
+| Use "states" not "stages" — a project can remain in Experimental indefinitely and still provide community value | Taylor Black, President |
+| If CDCF does its job, 10,000 developers will engage with these governance standards — project states must be clear enough to scale | Taylor Black, President |
+| Framework endorsed — "This is fantastic, faithful and technical work, right in line with the mission of CDCF" | Taylor Black, President; Andrew DeBerry, Treasurer |
+| CDCF sets itself apart by providing not only the how but the why | Eugenio Zucal, Secretary |
+| Three-tier articulation: exploratory → first review (incubation) → second review (active/endorsed) | Mark Julius Banasihan, Technical Advisory Council |
+| Labels "Experimental" and "Incubating" make status visible without slowing early innovation | Mark Julius Banasihan, Technical Advisory Council |
+
+---
+
+## Why CDCF Project Review Differs from Secular Incubators
+
+Fr. John R. D'Orazio identified the design constraint that produced the two-gate model: the Church needs one shared meaning of "vetted" that works everywhere, from the Holy See down to a rural parish. Diglio Simoni confirmed the resulting differentiator against Apache and other secular incubators on March 11, 2026.
+
+| | Gate 1 | Gate 2 |
+|---|---|---|
+| **Question** | Should the Church use this tool at all? | If yes, how should it be deployed responsibly? |
+| **Type** | Theological / mission alignment | Operational / technical deployment |
+| **Primary council** | Ecclesial Advisory Council | Technical Advisory Council |
+| **Grounded in** | Magisterial teaching, Canon Law, Catholic Social Teaching | Engineering standards, deployment governance, subsidiarity compatibility |
+| **Apache equivalent** | No equivalent — CDCF's specific contribution | Closely maps to Apache Software Foundation incubation criteria |
+| **Vetting criteria** | C1 Mission Alignment · C2 Human Accountability · C3 Transparency · C4 Independent Validation · C5 Subgroup Performance · C6 Deployment Governance | C7 Documentation and Data Stewardship · C8 Governance, Maintenance, and Subsidiarity Compatibility |
+
+The manifesto states the mission directly: "Our mission is to aggregate, vet, and communalize these gifts." Project states operationalize that sequence. Aggregate covers Experimental. Vet covers Incubating. Communalize covers Active.
+
+---
+
+## The Three Project States
+
+### State Definitions
+
+| State | Definition | Duration | Vetting Applied | CDCF Endorsement |
+|---|---|---|---|---|
+| **Experimental** | Part of the CDCF ecosystem for community collaboration. No formal review. No endorsement. | Indefinite — no expectation of progression | None | None |
+| **Incubating** | Has satisfied all six Gate 1 criteria. Mission alignment and theological threshold confirmed. Under active development toward Gate 2. | Active development period | Gate 1 — all six criteria required | Theological and mission alignment confirmed |
+| **Active** | Has satisfied Gate 2 while maintaining full Gate 1 compliance. Meets full deployment governance requirements. | Ongoing — requires sustained maintenance and named accountability | Gate 1 + Gate 2 — all eight criteria required | Full endorsement — recommended for Catholic institutional deployment |
+
+---
+
+### What Each State Means in Practice
+
+| | Experimental | Incubating | Active |
+|---|---|---|---|
+| **For contributors** | Build, collaborate, iterate freely. No review requirements. | Gate 1 cleared. Develop with Gate 2 requirements in view. | Represents the foundation. Maintenance, version control, vulnerability response, and named accountability required. |
+| **For Catholic institutions** | Apply your own discernment. No CDCF review has occurred. | Gate 1 satisfied — theological threshold met. Gate 2 gaps remain. Evaluate accordingly. | Recommended for institutional deployment. A diocesan technology director could deploy this without access to the original authors within 90 days. |
+| **For the aggregator** | Catalogued as community work in progress. | Catalogued as under active CDCF review. | Catalogued as foundation-endorsed. |
+| **Hackathon projects** | Correct home for hackathon and prototype work. | Entered once maturity warrants formal review. | Entered once full deployment readiness is established. |
+
+---
+
+### Gate 2 Subsidiarity Requirement
+
+Criterion 8 requires that every Active project remain configurable at the parish, diocesan, or institutional level without a central authority absorbing local control. This derives from four sources.
+
+| Source | Provision |
+|---|---|
+| CDCF Bylaws, Article I Section 2 | Subsidiarity listed as a governing organizational principle under the ethical technology and AI purpose clause |
+| CDCF Manifesto (translating Belloc) | "The purpose of the foundation is to support cooperation among Church institutions in maintaining a shared digital infrastructure — preserving each institution's independent ability to use, contribute to, and govern its own data and tools — without centralizing ownership or control beyond what is necessary for sustainability." |
+| *Catechism of the Catholic Church* §1894 | "No larger body may take over the legitimate initiative and responsibility of a smaller one." |
+| *Antiqua et Nova* §42 | The responsibility for managing AI wisely "pertains to every level of society, guided by the principle of subsidiarity." |
+
+A project that functions only under conditions of centralized administration fails Criterion 8 and does not reach Active status.
+
+---
+
+## Current CDCF Projects by State
+
+The four projects currently listed on catholicdigitalcommons.org carry the label "Incubating" as a descriptive placeholder that predates the formal vetting framework. The vetting criteria document now provides the definition of what Incubating formally requires. These projects have not yet been evaluated against the Gate 1 criteria. The table below reflects their current site label and the formal vetting status as of March 2026.
+
+| Project | Type | Site Label | Formal Vetting Status | Notes |
+|---|---|---|---|---|
+| Catholic Semantic Canon | Data / Ontology | Incubating | Pre-vetting | Long-term ontology project — no defined endpoint. Continues to evolve across versions. Diglio Simoni is the primary contributor. |
+| OntoKit | API | Incubating | Pre-vetting | Collaborative OWL ontology curation API. Authentication layer in development. |
+| Bible API | API | Incubating | Pre-vetting | Fr. John R. D'Orazio is the author. Documentation in progress. |
+| Liturgical Calendar API | API | Incubating | Pre-vetting | Fr. John R. D'Orazio is the author. Authentication layer completion required before documentation begins. |
+
+The vetting criteria document provides the pathway for any of these projects to move from pre-vetting to formally Incubating status under Gate 1.
+
+---
+
+## Relationship to Existing Documents
+
+| Document | Role | Relationship to This Document |
+|---|---|---|
+| [CDCF Project Vetting Criteria v0.1](https://github.com/CatholicOS/foundation-docs/blob/main/ai-governance/ai-vetting-criteria.md) | Primary policy document — defines all eight criteria in full | Defines *what* is evaluated at each gate. This document defines *when* those criteria apply. |
+| [Fragmented Catholic AI Governance](https://github.com/CatholicOS/foundation-docs/blob/main/ai-governance/fragmented-catholic-ai-governance.md) | Research memo — documents the fragmentation problem | Provides the empirical foundation for why a shared project states framework is urgent. |
+| [Governance-as-Code for Catholic AI](https://github.com/CatholicOS/foundation-docs/blob/main/ai-governance/governance-as-code-catholic-ai.md) | Research memo — machine-readable deployment governance | Describes the technical implementation the Active state is designed to grow into. |
+| CDCF Manifesto | Founding document — theological and mission direction | Source of the aggregate / vet / communalize mission that project states operationalize. |
+| CDCF Bylaws, Article I Section 2 | Legal instrument — organizational purposes | Source of subsidiarity as a binding organizational principle. |
+
+---
+
+## Invitation to Iterate
+
+| Council | Appropriate scrutiny |
+|---|---|
+| Ecclesial Advisory Council | Theological and canonical basis for state transitions — particularly the Gate 1 criteria that define the formal Incubating threshold |
+| Technical Advisory Council | Gate 2 deployment criteria — whether the Active state requirements hold in real diocesan, health system, and educational institution environments |
+| Board | Whether the three-state model and the pre-vetting / formally-vetted distinction accurately reflects the organizational intent confirmed on March 11, 2026 |
+
+Contributions, challenges, and proposed revisions are welcome via pull request or issue on the [CatholicOS GitHub](https://github.com/CatholicOS).
+
+*Drafted in response to the CDCF board and advisory council review session, Wednesday, March 11, 2026. Decisions by Fr. John R. D'Orazio, Taylor Black, Andrew DeBerry, Eugenio Zucal, and Diglio Simoni are documented above. Grounded in the CDCF Manifesto, CDCF Bylaws, and CDCF Project Vetting Criteria v0.1.*
diff --git a/ai-governance-operational-gaps.md b/ai-governance-operational-gaps.md
new file mode 100644
index 0000000..d160e63
--- /dev/null
+++ b/ai-governance-operational-gaps.md
@@ -0,0 +1,260 @@
+# CDCF AI Governance: Five Operational Gaps
+
+| | |
+|---|---|
+| **Document type** | Research memo |
+| **Status** | Working draft — U.S.A. C-DART 1 discussion |
+| **Relationship** | Supplementary to [CDCF Project Vetting Criteria v0.1](https://github.com/CatholicOS/foundation-docs/blob/main/ai-governance/ai-vetting-criteria.md) and [CDCF Project States v0.1](https://github.com/CatholicOS/foundation-docs/blob/main/PROJECT_STATES.md) |
+
+---
+
+## Table of Contents
+
+1. [Purpose](#purpose)
+2. [Gap 1 — Model Drift Has No Re-Vetting Trigger](#gap-1--model-drift-has-no-re-vetting-trigger)
+3. [Gap 2 — No Incident Response Protocol](#gap-2--no-incident-response-protocol)
+4. [Gap 3 — The Aggregator Is an Unvetted AI Tool Serving Governance Infrastructure](#gap-3--the-aggregator-is-an-unvetted-ai-tool-serving-governance-infrastructure)
+5. [Gap 4 — Magisterial Sources Table Has No Maintenance Process](#gap-4--magisterial-sources-table-has-no-maintenance-process)
+6. [Gap 5 — Conflict of Interest Protocol Does Not Cover TAC or EAC Members](#gap-5--conflict-of-interest-protocol-does-not-cover-tac-or-eac-members)
+7. [Strategic Context: CDCF's Position in the Catholic AI Ecosystem](#strategic-context-cdfcs-position-in-the-catholic-ai-ecosystem)
+8. [Gap Summary and Ownership Table](#gap-summary-and-ownership-table)
+9. [Bibliography](#bibliography)
+
+---
+
+## Purpose
+
+The CDCF Project Vetting Criteria v0.1 establishes what "vetted" means for projects submitted to the foundation. The criteria are rigorous at the point of evaluation. Five governance gaps exist in what happens before, during, and after that evaluation. Each gap is documented here with a specific failure scenario, the criteria or bylaws provision affected, a named owner within the existing CDCF governance structure, and a proposed resolution.
+
+None of these gaps require new criteria. Four require process documents. One requires a bylaws amendment.
+
+---
+
+## Gap 1 — Model Drift Has No Re-Vetting Trigger
+
+### The Problem
+
+The vetting criteria evaluate a tool at a point in time. Most AI tools submitted to CDCF will not be built from scratch — they will wrap or depend on foundation models from OpenAI, Anthropic, Google, or equivalent providers. Those foundation models change when vendors release updates. A tool that clears all eight CDCF criteria in March 2026 may behave differently by September 2026 after a vendor updates their underlying model without notice to the tool's developer or to CDCF.
+
+This is not theoretical. Catholic Answers launched "Father Justin" in April 2024 — an AI chatbot that presented itself as a priest-figure and claimed it could administer sacraments. The system required withdrawal within days.[1] That failure would have occurred regardless of prior vetting if the tool's underlying model had been updated to cross the sacramental boundary after initial review. The vetting criteria document cites this case explicitly under Criterion 1 as the boundary condition a shared standard would have identified before a single line of code shipped. The same failure mode can occur post-vetting when model behavior shifts.
+
+### What Is Missing
+
+The current framework has no definition of what constitutes a material change in a tool's behavior. It has no mechanism for triggering re-evaluation when a vendor updates their underlying model. It has no process for moving an Active project back to Incubating or Experimental status. A tool can hold Active status indefinitely after initial Gate 2 clearance.
+
+### Magisterial Grounding
+
+*Antiqua et Nova* §42 establishes that the responsibility for managing AI wisely "pertains to every level of society." Active status implies ongoing responsibility, not a single point of clearance. Canon 1609's pattern of deliberation with the capacity to revise judgments applies to governance decisions, not only initial ones.
+
+### Proposed Resolution
+
+A Re-Vetting Trigger Policy document defining three conditions that require re-evaluation of an Active project:
+
+| Trigger | Description |
+|---|---|
+| **Foundation model update** | The tool's underlying model is updated by the vendor — any version change above a defined threshold |
+| **Behavioral deviation report** | A verified report from a deploying institution that the tool is producing outputs outside the scope documented at Gate 2 |
+| **Criterion 1 boundary proximity** | Any output approaching the sacramental simulation, authoritative teaching misrepresentation, or clerical identity boundaries defined in Criterion 1 |
+
+Re-evaluation is not a full Gate 1 and Gate 2 review. It is a targeted review of the criteria most likely affected by the change, conducted by the TAC with EAC input on Criterion 1 boundary questions.
+
+### Named Owner
+
+Technical Advisory Council. Diglio Simoni holds a US patent for semantic test suite reduction — the discipline of defining exactly which tests are required to verify system behavior after a change. That expertise maps directly onto defining what constitutes a material behavioral deviation requiring re-review.
+
+---
+
+## Gap 2 — No Incident Response Protocol
+
+### The Problem
+
+The vetting framework endorses tools. It has no documented procedure for what happens when an endorsed tool causes harm in a Catholic institutional context.
+
+Three documented failure scenarios in contexts directly relevant to CDCF:
+
+**Scenario A — Catechetical harm.** A Gate 2 Active catechetical AI deployed by a diocesan schools office produces doctrinally incorrect content about a sacrament. Students receive the content before a teacher identifies the error. The content spreads through parent WhatsApp groups.
+
+**Scenario B — Healthcare bias.** A Gate 2 Active clinical decision support tool deployed at a CommonSpirit facility produces triage recommendations that disproportionately underserve a minority patient population — the bias pattern documented in COMPAS criminal sentencing (cited in the vetting criteria under Criterion 3) reproduced in a Catholic healthcare context.[2]
+
+**Scenario C — Data breach.** A Gate 2 Active parish management tool suffers a breach exposing sacramental records — the highest-sensitivity data category under Criterion 7's data stewardship requirements.
+
+In all three scenarios, the current framework has no escalation path, no defined communication protocol to institutions that deployed the tool, no process for suspension of Active status, and no documented authority for who makes the suspension decision.
+
+### What Is Missing
+
+Taylor Black clarified on March 11, 2026: CDCF endorsement is not church oversight — it means committed Catholics across disciplines have reviewed a project against defined benchmarks. That clarification creates a gap between endorsement and ongoing accountability that an incident response protocol must bridge.
+
+### Proposed Resolution
+
+An Incident Response Protocol document covering four phases:
+
+| Phase | Action |
+|---|---|
+| **Detection** | Defined reporting channels for deploying institutions, community members, and affected parties to submit verified incident reports |
+| **Assessment** | TAC review within 72 hours to determine whether the incident constitutes a material behavioral deviation under Gap 1 criteria; EAC review for Criterion 1 boundary incidents |
+| **Response** | Three possible outcomes: Active status maintained with documented mitigation, Active status suspended pending re-vetting, Active status revoked with documented rationale |
+| **Communication** | Defined protocol for notifying all institutions that have deployed the tool, including the nature of the incident, the foundation's response, and recommended institution-level actions |
+
+### Named Owner
+
+Andrew DeBerry (Treasurer) as primary author. He helped draft the Department of Defense's responsible AI principles and launched AI governance and youth protection products at Meta. He has institutional muscle memory for exactly this type of protocol. Fr. Michael Baggot (EAC) for oversight of doctrinal incident classification. Taylor Black (President) for final suspension/revocation authority as a board-level decision.
+
+---
+
+## Gap 3 — The Aggregator Is an Unvetted AI Tool Serving Governance Infrastructure
+
+### The Problem
+
+Fr. John R. D'Orazio described an AI-powered web scraper on March 31, 2026 that will scour for news, events, and projects related to Catholicism and technology to build a knowledge base and aggregator. That scraper is itself an AI tool. It will:
+
+- Make algorithmic decisions about what Catholic technology content to include or exclude
+- Apply editorial judgment about what constitutes relevant Catholic technology news
+- Build a knowledge base that will inform how the Catholic technology ecosystem understands itself and its participants
+- Serve as the primary discovery mechanism for projects seeking CDCF incubation
+
+The aggregator is governance infrastructure. It shapes what projects become visible to CDCF, which organizations enter the vetting pipeline, and how the broader Catholic digital community perceives what is happening in Catholic AI. An aggregator that systematically includes or excludes certain types of projects — not from malice but from training data bias or scope definition errors — distorts the governance process it is designed to serve.
+
+The Vatican warned explicitly in January 2025 that AI poses serious risks from "biased or fabricated information" and "fake news," and that those who produce and share AI-generated content must "exercise diligence in verifying the truth of what they disseminate."[3]
+
+### What Is Missing
+
+The aggregator has not been submitted for Gate 1 review. CDCF is building an AI tool to serve its own governance infrastructure without subjecting that tool to its own governance process.
+
+### Proposed Resolution
+
+The aggregator passes through a streamlined Gate 1 review before deployment, with three specific questions replacing the full six-criterion Gate 1 process:
+
+| Gate 1 Question Applied to the Aggregator | Why It Applies |
+|---|---|
+| C1 Mission Alignment: Does the aggregator's scope definition align with CDCF's stated mission? | The aggregator defines what "Catholic technology" means algorithmically. That definition must reflect the mission. |
+| C2 Human Accountability: Is there a named human reviewer responsible for aggregator outputs before they enter the knowledge base? | Algorithmic curation without human review is the exact failure mode Criterion 2 exists to prevent. |
+| C3 Transparency of Scope: Is the aggregator's inclusion/exclusion logic documented and reviewable? | Institutions and projects need to know why they appear or do not appear in the knowledge base. |
+
+### Named Owner
+
+Fr. John R. D'Orazio as builder; TAC for the technical Gate 1 assessment; EAC for Criterion 1 mission alignment review.
+
+---
+
+## Gap 4 — Magisterial Sources Table Has No Maintenance Process
+
+### The Problem
+
+The Magisterial Grounding table in the vetting criteria document lists eight sources as of March 2026. New Magisterial AI documents are being issued at a rate the current framework cannot absorb without a defined maintenance process. Between the framework's drafting and April 2026:
+
+| Document | Body | Date |
+|---|---|---|
+| *Antiqua et Nova* | Dicastery for the Doctrine of the Faith and Dicastery for Culture and Education | January 28, 2025 |
+| USCCB Joint Letter on AI Principles and Priorities | United States Conference of Catholic Bishops | June 2025 |
+| Address to Builders AI Forum | Pope Leo XIV | November 3, 2025 |
+| Address on Children and Adolescents in the Age of AI | Pope Leo XIV | November 13, 2025 |
+| Address on AI and Care for Our Common Home | Pope Leo XIV | December 5, 2025 |
+| Vatican City State AI Guidelines | Pontifical Commission for Vatican City State | Effective January 1, 2026 |
+| Message for the 60th World Day of Social Communications | Pope Leo XIV | January 2026 |
+
+Vatican City State's guidelines established a five-person AI commission to prepare laws, provide opinions on AI systems, and monitor implementation.[4] That commission is now producing regulatory documents that will affect Catholic institutions globally. The vetting criteria must track that output or they will cite outdated Magisterial authority while a more current standard exists.
+
+New documents that cite earlier documents as their authority — and then update or extend that authority — can silently invalidate criteria grounded in the earlier documents if no one is monitoring the chain.
+
+### What Is Missing
+
+No defined monitoring responsibility. No update authority. No version trigger connecting new Magisterial documents to a criteria review cycle.
+
+### Proposed Resolution
+
+A Magisterial Sources Monitoring Protocol assigning:
+
+| Role | Responsibility |
+|---|---|
+| **Primary monitor** | Fr. Michael Baggot (EAC) — Associate Professor of Bioethics at Regina Apostolorum, member of the Magisterium AI scholarly advisory board, contributor to *Emerging Issues in Catholic Bioethics* (Springer, 2026). Reviews new Vatican and episcopal conference AI documents within 30 days of publication. |
+| **European episcopal monitor** | Fr. Charbel Bteich (EAC) — Vice General Secretary of the Council of European Bishops' Conferences (CCEE) since November 2024. Monitors CCEE member conference AI governance developments. |
+| **Update authority** | EAC proposes table updates; board approves; Fr. John R. D'Orazio publishes new version to the repo. |
+| **Trigger threshold** | Any new Magisterial document that introduces new AI-specific guidance, modifies an existing principle, or establishes a new institutional structure (such as the Vatican City State AI commission) triggers a 60-day criteria review cycle. |
+
+---
+
+## Gap 5 — Conflict of Interest Protocol Does Not Cover TAC or EAC Members
+
+### The Problem
+
+CDCF Bylaws Article VIII requires board members and committee members to disclose conflicts and abstain from votes where a conflict exists. The provision does not explicitly extend to TAC or EAC members reviewing submitted projects.
+
+The TAC includes members with active professional relationships at organizations that are potential CDCF project submitters or whose clients are:
+
+| TAC Member | Employer / Organization | Potential Conflict Scenario |
+|---|---|---|
+| Taylor Black | Microsoft Office of the CTO | Microsoft or a Microsoft partner submits a project |
+| Randy Danielson | Microsoft Azure Edge | Same as above |
+| Gabriel Dorta | Former Microsoft and Accenture | Former employer or its clients submit a project |
+| Diglio Simoni | Wipro (AI initiatives for Apple, T-Mobile, SABIC) | Wipro client or competitor submits a project |
+| Andrew DeBerry | Former Google X, AWS, Meta | Former employer ecosystems submit a project |
+
+This is not a hypothetical risk. The Builders AI Forum Vatican conference in November 2025 included representatives from Microsoft, Palantir Technologies, and Goldman Sachs — all organizations with Catholic institutional relationships and potential technology project submissions.[5] Microsoft has signed the Rome Call for AI Ethics. A Microsoft-affiliated project submitted to CDCF for vetting would create an undocumented conflict of interest for at least two TAC members simultaneously.
+
+The EAC carries an equivalent risk. Fr. Michael Baggot serves on the Magisterium AI scholarly advisory board. If Magisterium AI submits a project for CDCF Gate 1 review, Fr. Baggot would be reviewing a project from an organization he actively advises.
+
+### What Is Missing
+
+Bylaws Article VIII covers board and committee members. It does not explicitly name TAC and EAC members as covered parties in the context of project vetting reviews. The gap is one of scope, not of principle — the principle is already in the bylaws.
+
+### Proposed Resolution
+
+A two-paragraph addendum to Bylaws Article VIII extending the conflict of interest provision to TAC and EAC members participating in project vetting reviews:
+
+- Any TAC or EAC member with a current or recent (within 24 months) professional relationship with a project submitter or its parent organization must disclose that relationship before the review begins.
+- Disclosure is filed with the Secretary (Eugenio Zucal). The member abstains from voting on that project's vetting decision. They may provide technical input at the board's discretion.
+
+### Named Owner
+
+Eugenio Zucal (Secretary) owns the bylaws amendment process. The fix is a one-meeting board vote. The addendum does not require rewriting Article VIII — it requires a supplement of two paragraphs.
+
+---
+
+## Strategic Context: CDCF's Position in the Catholic AI Ecosystem
+
+This gap is not a process document. It is a positioning question the board must answer.
+
+The Builders AI Forum (BAIF) held its first Vatican conference in November 2025 with roughly 200 participants including software engineers, venture capital partners, Catholic media producers, bishops, and Vatican communications officials.[5] Magisterium AI is a live product with an institutional advisory board that includes Fr. Michael Baggot. Hallow has millions of users. The Rome Call for AI Ethics has been signed by Microsoft, IBM, and others.
+
+CDCF has no documented position on how it relates to or differs from BAIF, Magisterium AI, or the Rome Call signatories. Three scenarios exist:
+
+| Scenario | Risk |
+|---|---|
+| CDCF operates in isolation | Produces standards that duplicate or conflict with BAIF and Magisterium AI without coordination |
+| CDCF is absorbed into BAIF | Loses the Gate 1 theological differentiation that the March 11, 2026 board session confirmed as CDCF's unique contribution |
+| CDCF defines its relationship explicitly | Positions itself as the governance and commons infrastructure layer that BAIF's builder community and Magisterium AI's product ecosystem both need |
+
+The third scenario is the one consistent with CDCF's founding documents. The manifesto's mission — aggregate, vet, and communalize — is a commons infrastructure mission, not a product mission. CDCF governs the ecosystem. BAIF builds inside it. Magisterium AI is a product that could be submitted for CDCF vetting.
+
+That positioning requires a document. A one-page ecosystem positioning memo from the board that defines CDCF's relationship to adjacent Catholic AI organizations would close this gap and give the TAC and EAC clear framing for how to handle requests from those organizations.
+
+---
+
+## Gap Summary and Ownership Table
+
+| Gap | Affected Document | Owner | Resolution Type | Urgency |
+|---|---|---|---|---|
+| 1 — Model drift, no re-vetting trigger | Vetting Criteria (all criteria) | Diglio Simoni, TAC | Process document | High — any Active project is currently at risk from silent vendor model updates |
+| 2 — No incident response protocol | Vetting Criteria + Bylaws | Andrew DeBerry, Fr. Michael Baggot, Taylor Black | Process document | High — CDCF has Active projects pending; incident response must precede first deployment |
+| 3 — Aggregator is unvetted AI | Vetting Criteria C1, C2, C3 | Fr. John R. D'Orazio, TAC, EAC | Streamlined Gate 1 review | High — aggregator development is active |
+| 4 — Magisterial sources, no maintenance | Vetting Criteria (Magisterial Grounding table) | Fr. Michael Baggot, Fr. Charbel Bteich, EAC | Protocol document | Medium — 7 new documents issued since framework drafting |
+| 5 — Conflict of interest, TAC/EAC uncovered | Bylaws Article VIII | Eugenio Zucal, Board | Bylaws addendum | Medium — resolves before any project from a TAC/EAC-affiliated organization enters vetting |
+| Strategic — CDCF ecosystem positioning | None (does not exist) | Board | One-page positioning memo | Medium — required before BAIF, Magisterium AI, or Rome Call signatories engage with CDCF formally |
+
+---
+
+## Bibliography
+
+1. "The Real Lesson Behind the 'Father Justin' AI Priest Debacle," *America*, April 26, 2024, https://www.americamagazine.org/faith/2024/04/26/father-justin-catholic-answers-ai-247808.
+
+2. Julia Angwin, Jeff Larson, Surya Mattu, and Lauren Kirchner, "Machine Bias," *ProPublica*, May 23, 2016, https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing.
+
+3. Dicastery for the Doctrine of the Faith and Dicastery for Culture and Education, *Antiqua et Nova: Note on the Relationship Between Artificial Intelligence and Human Intelligence* (Vatican City: Dicastery for the Doctrine of the Faith, January 28, 2025), https://www.vatican.va/roman_curia/congregations/cfaith/documents/rc_ddf_doc_20250128_antiqua-et-nova_en.html.
+
+4. Vatican City State, Decree on the Use of Artificial Intelligence in Vatican City State, Pontifical Commission for Vatican City State, effective January 1, 2026, https://www.vaticanstate.va.
+
+5. "Pope Leo XIV Urges Catholic Technologists to Spread the Gospel with AI," Catholic News Service, November 7, 2025, https://www.usccb.org/news/2025/pope-leo-xiv-urges-catholic-technologists-spread-gospel-ai.
+
+6. "Vatican City State Puts AI Guidelines in Place," Catholic News Service, January 2025, https://www.usccb.org/news/2025/vatican-city-state-puts-ai-guidelines-place.
+
+*Drafted by Mark Julius Banasihan, U.S.A. C-DART 1. April 2026. Submitted to CDCF for community review.*