Blog

RCAN v2.1:
The First Major Protocol Release

March 26, 2026 · ContinuonAI

Status: Spec stable  ·  SDK target: Q1 2027  ·  Depends on: RCAN Foundation formation (Q3–Q4 2026)

Why a major version?

RCAN v2.1 is the first major version bump of the protocol. It introduces breaking wire-format changes that cannot be made under the v1.x backwards-compatibility guarantee. The release consolidates lessons learned from v1.0–v1.10 and addresses five strategic areas:

Signed Firmware Manifests

Cryptographic proof of robot software provenance. Every v2.1 robot publishes an Ed25519-signed firmware manifest at a well-known endpoint.

Supply Chain Attestation

Hardware and software bill-of-materials on the wire. CycloneDX-based SBOM publication with RCAN extensions.

M2M_TRUSTED Fleet Orchestration

RRF-issued level-6 tokens allow an orchestration system to command an entire fleet without per-robot CREATOR approval at runtime.

ISO/TC 299 Alignment

Formal mapping to ISO 13482, ISO 10218-2, and ISO/IEC 42001. RCAN safety invariants aligned with international standards.

EU AI Act Article 16

Production-ready compliance for high-risk AI systems. New message types for regulatory authority access and audit data export.

RCAN v2.1 is a clean break from v1.x. There is no version negotiation, no downgrade path, and no support for v1.x envelope fields in v2.1 receivers. Several changes — new required envelope fields, removal of deprecated aliases, RURI format extensions, and role level restructuring — made this the right boundary for a major version.

External drivers

DriverDeadlineImpact
EU AI Act (2024/1689) Art. 16August 2026High-risk AI systems must maintain traceability and post-market monitoring. v2.1 provides wire-level compliance.
ISO/TC 299 (Robotics)OngoingInternational safety standards for service and industrial robots. v2.1 aligns RCAN safety invariants with ISO normative requirements.
NIST AI RMF2026 updatesRisk management framework for AI systems. v2.1 audit trail maps directly to NIST RMF functions.
Supply chain attacksOngoingFirmware integrity attacks on IoT/robotics. v2.1 makes firmware provenance verifiable at the protocol level.

Breaking changes

Deprecated alias removal

The following rcan-ts aliases, deprecated in v1.8, are removed in v2.1:

Deprecated AliasCanonical NameValueNotice Period
FEDERATION_SYNCFLEET_COMMAND23v1.8 (Mar 2026) → v2.1 (Q1 2027): 10+ months
ALERTFAULT_REPORT26v1.8 (Mar 2026) → v2.1 (Q1 2027): 10+ months
AUDITTRANSPARENCY16v1.8 (Mar 2026) → v2.1 (Q1 2027): 10+ months
signature: "pending"(hard-removed)v1.0 (Jan 2026) → v2.1 (Q1 2027): 12+ months

Message envelope changes

New required fields in the v2.1 message envelope:

v2.1 envelope additions (protobuf)
// NEW in v2.1 — required for all messages string firmware_hash = 13; // SHA-256 of sender's firmware manifest string attestation_ref = 14; // URI to SBOM/attestation document // NEW in v2.1 — required for COMMAND and INVOKE string delegation_chain = 15; // Serialized delegation chain (now required)

v2.1 receivers reject messages missing firmware_hash. There is no fallback.

RURI format extension

RURI format
# v1.x format (accepted only at L1) rcan://registry.rcan.dev/manufacturer/model/version/device-id # v2.1 signed format (required at L2+) rcan://registry.rcan.dev/manufacturer/model/version/device-id?sig=<base64url>

The sig query parameter carries a detached Ed25519 signature over the RURI path. At L2+, unsigned RURIs are rejected. At L1, unsigned RURIs are accepted. Invalid signatures always fail regardless of level.

Role level restructuring

v2.1 restructures human roles and introduces two machine authorization tiers:

Levelv1.x Namev2.1 NameChange
1GUESTGUESTNo change
2USER / LEASEEOPERATORConsolidated; LEASEE removed
2.5(contribute scope)CONTRIBUTORFormalized as a proper level
3OWNERADMINRenamed; OWNER removed
4(new)M2M_PEERRobot-to-robot peer authorization; issued by ADMIN
5CREATORCREATORNo change
6(new)M2M_TRUSTEDRRF-issued fleet orchestration; multi-owner consent required

New features

Signed firmware manifests

Every RCAN v2.1 robot MUST publish a firmware manifest at {ruri}/.well-known/rcan-firmware-manifest.json. The manifest is Ed25519-signed by the manufacturer's key registered in the RRF:

rcan-firmware-manifest.json
{ "rrn": "RRN-000000000001", "firmware_version": "v2026.4.1.0", "build_hash": "sha256:a1b2c3d4...", "components": [ { "name": "brain-runtime", "version": "3.2.0", "hash": "sha256:e5f6a7b8..." } ], "signed_at": "2026-04-01T00:00:00Z", "signature": "base64url..." }
Conformance requirement: A v2.1 L2+ implementation MUST verify the firmware manifest signature on first connection and on every firmware update. A failed signature check MUST trigger a FAULT_REPORT (26) with fault_code: "FIRMWARE_INTEGRITY_FAILURE".

Supply chain attestation (SBOM)

v2.1 defines a standard for robots to advertise their software bill of materials at {ruri}/.well-known/rcan-sbom.json, following the CycloneDX v1.5+ format with RCAN extensions. The attestation_ref field in the v2.1 message envelope points to this SBOM endpoint, enabling any message recipient to verify the sender's software supply chain.

M2M_TRUSTED fleet orchestration

The new M2M_TRUSTED (level 6) role enables a cloud orchestration system to issue COMMAND, INVOKE, and CONFIG messages to an entire fleet without requiring per-robot CREATOR approval at runtime. Unlike M2M_PEER (authorized by a single ADMIN), M2M_TRUSTED tokens are issued exclusively by the RRF root key after aggregating explicit consent from every fleet owner:

M2M_TRUSTED JWT claims
{ "sub": "orchestrator:fleet-brain-prod-001", "rcan_role": "m2m_trusted", "rcan_scopes": ["fleet.trusted"], "fleet_rrns": ["RRN-000000000001", "RRN-000000000005"], "exp": 86400, "iss": "rrf.rcan.dev", "rrf_sig": "base64url-ed25519..." }

Hard constraints: tokens expire in ≤ 24 h, fleet_rrns must be an explicit list (no wildcards), the orchestrator cannot issue further tokens, and ESTOP from any source is always honored regardless of role level. Any CREATOR can revoke consent at any time; revocation propagates within 60 seconds via the RRF revocation list.

ISO/TC 299 alignment

v2.1 introduces normative references to ISO safety standards and maps RCAN provisions to ISO requirements:

RCAN ProvisionISO StandardMapping
§6 Safety invariantsISO 13482:2014RCAN ESTOP maps to ISO 13482 protective stop
§2 RBACISO 10218-2:2011RCAN role levels satisfy ISO access control
§16 TransparencyISO/IEC 42001:2023RCAN audit chain provides ISO AI management evidence
§7 ConfidenceGateISO 13482:2014Confidence thresholds map to ISO risk-based decision gates
§9 Ed25519 signingISO/IEC 27001:2022Ed25519 satisfies ISO cryptographic control requirements

A new iso_conformance block in the DISCOVER payload lets robots declare which ISO standards they conform to:

DISCOVER payload (v2.1)
{ "capabilities": ["..."], "iso_conformance": { "iso_13482": true, "iso_10218_2": false, "iso_42001": true } }

EU AI Act Article 16

Article 16 of the EU AI Act requires providers of high-risk AI systems to maintain quality management, technical documentation, logging, corrective action capability, and authority cooperation. v2.1 maps these requirements directly to protocol features:

Quality Management

v2.1 audit chain + SBOM provide continuous quality evidence for the entire robot lifecycle.

Technical Documentation

Firmware manifests + transparency records keep documentation up to date automatically.

Logging (Art. 12)

RCAN commitment chain (§16) satisfies the logging capabilities requirement.

Authority Cooperation

New AUTHORITY_ACCESS message type (41) lets regulators request audit data per Art. 16(j).

New message types

ValueNameDirectionDescription
41AUTHORITY_ACCESSauthority → robotRegulator requests audit data access per EU AI Act Art. 16(j)
42AUTHORITY_RESPONSErobot → authorityRobot provides requested audit data
43FIRMWARE_ATTESTATIONrobot → registryRobot publishes signed firmware manifest to registry
44SBOM_UPDATErobot → registryRobot publishes updated SBOM

Conformance levels

v2.1 introduces L5: Supply Chain and adds M2M_TRUSTED requirements on top of the existing L1–L4 hierarchy:

LevelLabelKey Requirement
L1CoreDISCOVER, STATUS, COMMAND, RURI addressing, JWT auth
L2SecureL1 + HiTL gates, Ed25519 signing, AuditChain, firmware_hash, signed RURI
L3FederatedL2 + commitment chain, cross-registry discovery
L4RegistryL3 + REGISTRY_REGISTER/RESOLVE roundtrip, RRN validation
L5Supply ChainL4 + firmware manifest verification, SBOM publication, AUTHORITY_ACCESS handler, EU AI Act Art. 16

Migration from v1.x

v2.1 is a clean break. There is no version negotiation and no downgrade path. Upgrade all robots in a fleet simultaneously, or run v1.x and v2.1 fleets as separate networks.

Why no negotiation? The new required envelope fields (firmware_hash, attestation_ref) have no safe fallback in v1.x receivers. A v2.1 sender omitting them for negotiation would be operating below its declared conformance level. Given the small ecosystem size and our goal of clean security guarantees, a coordinated fleet upgrade is the right path.

Timeline

MilestoneTargetStatus
v2.1 spec publishedMarch 2026✓ Done — wire format locked
RCAN Foundation formedQ3 2026Foundation board ratifies spec
EU AI Act enforcementAugust 2026Art. 16 obligations enforceable; OpenCastor L5 critical path
v2.1 SDK alphasMarch 2026rcan-py 1.1.0a1, rcan-ts 1.1.0a1
v2.1 RCMarch 2026Release candidate; conformance suite L5 finalized
v2.1 ReleaseMarch 2026rcan-py 1.1.0, rcan-ts 1.1.0, OpenCastor ≥2027.1.x

Open questions

  1. M2M_PEER mutual TLS — Should M2M_PEER (level 4) require mutual TLS in addition to JWT?
  2. SBOM format — CycloneDX is normative. Should SPDX be supported as an alternative?
  3. Firmware attestation frequency — Re-attest on every boot, or only on firmware change?
  4. ISO liaison — Should TC 299 membership be a Foundation or ContinuonAI responsibility?
  5. MessageType range — Reserve 41–50 for regulatory types and 51–99 for extensions, or allow flexible allocation?
Join the discussion: File feedback on the OpenCastor GitHub, or reach out to the team at rcan.dev.

References

← Back to Blog