Enforcement

What happens when an agent ignores the policy?

Technical Enforcement

• HTTP 403 — Block non-identifying agents
• Rate Limiting — 429 Too Many Requests via nginx/Cloudflare/WAF
• WAF Integration — Use siteai.json as config source
• Bot Detection — Cross-reference with existing services

Legal Enforcement

• eBay v. Bidder’s Edge (2000) — Violating terms = trespass
• EU AI Act (2026) — Machine-readable opt-out must be respected
• GDPR — Processing requires legal basis
• CFAA (U.S.) — Exceeding authorized access = federal crime

Pragmatic View

Major AI agents WILL respect it (legal liability + reputation). Small legitimate agents WILL (clear rules help). Malicious bots WON’T — but they don’t respect robots.txt either.