The TDM Reservation Protocol is a machine-readable specification that allows content owners to formally reserve their rights to text and data mining (TDM), effectively communicating an opt-out from unauthorized AI training ingestion. It is typically implemented via the robots.txt parser or HTTP response headers, providing a standardized method for rights holders to express usage restrictions to compliant crawlers and automated agents.
Glossary
TDM Reservation Protocol

What is TDM Reservation Protocol?
A technical mechanism for rights holders to declare that their content is not available for text and data mining by automated agents.
This protocol addresses the legal gap between general web crawling permissions and the specific act of extracting data for foundation model training. By signaling a reservation of rights, content owners establish a technical assertion of copyright and database rights, creating a verifiable boundary that distinguishes between permissible indexing for search and prohibited extraction for generative AI corpora.
Key Features of the TDM Reservation Protocol
The TDM Reservation Protocol is a machine-readable rights expression that overrides general crawling permissions. It provides a technical mechanism for content owners to declare that their works are not available for text and data mining, specifically targeting AI training ingestion by compliant automated agents.
Robots.txt Integration
The protocol is implemented directly within the robots.txt file, the primary access control point for automated crawlers. A dedicated directive targets AI-specific user agents:
- Syntax:
User-agent: AI-Crawlerfollowed byDisallow: / - Granularity: Supports wildcard path exclusion to block specific directories while allowing others
- Precedence: TDM reservation directives override general
Allowrules for compliant bots
This leverages existing web infrastructure without requiring new protocols, making adoption straightforward for site administrators.
HTTP Header Signaling
Beyond robots.txt, the protocol can be communicated at the response level using HTTP headers, providing page-level granularity:
- X-Robots-Tag: Set to
noaiornoarchiveto prevent training ingestion - TDM-Reservation: A dedicated header with value
1signals a full reservation of rights - TDM-Policy: Can reference a URL pointing to a machine-readable policy document
Header-based signaling is critical for non-HTML resources like PDFs, images, and API responses where meta tags cannot be embedded.
Compliant Agent Recognition
The protocol relies on voluntary compliance by AI crawler operators. Recognized agents identify themselves via distinct user-agent tokens:
- Google-Extended: Google's dedicated AI training crawler that respects TDM opt-outs
- GPTBot: OpenAI's crawler that can be blocked via robots.txt directives
- CCBot: Common Crawl's bot, used by many training datasets
Non-compliant or unidentified crawlers may ignore these signals entirely, making the protocol a trust-based system rather than an enforceable technical barrier.
Legal Standing & Copyright
The TDM Reservation Protocol serves as a machine-readable expression of copyright reservation, strengthening legal positions:
- EU Copyright Directive: Article 4 provides a legal basis for TDM opt-outs expressed via machine-readable means
- Constructive Notice: The protocol establishes that crawlers had technical notice of usage restrictions
- Licensing Gateway: Reserved content can link to commercial licensing APIs, converting opt-outs into revenue opportunities
This transforms robots.txt from a courtesy convention into a potential legal instrument for rights enforcement.
Relationship to Preference Signals
TDM Reservation operates alongside broader consent frameworks to create a layered rights expression architecture:
- Global Privacy Control (GPC): Browser-level signal that can extend to AI training preferences
- Content Credentials (C2PA): Cryptographically signed metadata that persists through content redistribution
- Consent Receipts: Auditable records proving that opt-out signals were transmitted and acknowledged
This multi-signal approach ensures that rights reservations survive content syndication and are detectable even when content leaves the origin server.
Limitations & Enforcement Gaps
The protocol has significant technical and practical limitations that content owners must understand:
- No Retroactive Effect: Content already scraped before opt-out implementation remains in training datasets
- No Deletion Mechanism: The protocol cannot force removal of data already ingested into model weights
- Jurisdictional Variance: Legal enforceability varies dramatically between the EU, US, and other regions
- Synthetic Reproduction: Models may reproduce memorized content even after opt-out, requiring separate takedown processes
These gaps highlight why TDM Reservation is a necessary but insufficient component of a comprehensive AI governance strategy.
Frequently Asked Questions
Clarifying the technical and legal mechanisms for reserving rights against text and data mining by automated agents.
The TDM Reservation Protocol is a technical specification that allows rights holders to communicate a reservation of rights for text and data mining (TDM) to automated agents. It functions by expressing an opt-out through a robots.txt directive or an HTTP response header, specifically targeting compliant crawlers. The protocol extends the Robots Exclusion Protocol to semantically distinguish between general search indexing and the extraction of data for foundation model pre-training. When a compliant AI crawler encounters a TDM-Reservation: 1 header or a specific Disallow rule scoped to its user-agent, it must cease scraping that resource for training corpora. This mechanism bridges the gap between legal rights reservation under directives like the EU's CDSM Directive and the technical reality of automated web-scale ingestion, providing a machine-readable enforcement layer for copyright and database rights.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Key technical and legal mechanisms that interact with or parallel the TDM Reservation Protocol for controlling AI training ingestion.
Content Exclusion Header
An HTTP response header used to signal to compliant crawlers that specific content or entire site sections should be excluded from AI training datasets. This operates at the HTTP layer rather than the file-system level.
- Example:
X-Robots-Tag: noai, noarchive - Provides page-level granularity without modifying HTML
- Effective for non-HTML resources like PDFs and images
Robots.txt Disallow
A directive within the Robots Exclusion Protocol that instructs compliant automated user agents not to access specified paths. It serves as the primary technical mechanism for a site-wide AI training opt-out.
- Syntax:
Disallow: /private-data/ - Wildcards enable pattern-based blocking:
Disallow: /*.pdf$ - Relies on voluntary crawler compliance; not legally enforceable alone
Preference Signal
A standardized digital indicator that communicates a user's or administrator's consent choice regarding AI training data usage. These signals bridge the gap between human intent and machine-readable directives.
- Global Privacy Control (GPC): Browser-level signal for universal opt-out
- Do Not Scrape: Conceptual signal lacking universal enforcement
- Integrates with Consent Management Platforms for automated syndication
Data Lineage & Provenance
The automated tracking of data's origin, movement, and transformation over time, providing a forensic audit trail to verify that training data has not been contaminated by opted-out sources.
- Provenance Chain: Cryptographically verifiable custody record
- Content Credentials (C2PA): Tamper-evident metadata for ownership signaling
- Essential for enforcing TDM reservations post-ingestion
Right to Object & Erasure
Legal provisions under GDPR that empower data subjects to challenge AI training on their personal data. These rights create retroactive obligations that complicate TDM compliance.
- Right to Object (Art. 21): Absolute right against direct marketing and legitimate interest processing
- Right to Erasure (Art. 17): Compels deletion of personal data from training corpora
- Automated Decision-Making Opt-Out (Art. 22): Refusal of solely automated profiling

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us