More Than a Schema
NIEM and the emergence of governmental semantic infrastructure
There is a document circulating right now inside the International Organization for Standardization that almost nobody outside of government IT has heard of. It is called ISO/IEC CD 26631. It runs to hundreds of pages. It defines, with extraordinary precision, what a Person is. What an Incident is. What an Address is. What a Weapon is. What a BiometricDataCategory is.
It is, in the driest possible sense, a vocabulary list.
It is also, depending on how you read it, one of the most consequential pieces of information architecture produced in the twenty-first century — a direct institutional response to catastrophe, two decades in the making, now being written into the permanent infrastructure of international governance. Scholars of the semantic web, of HL7 and FHIR in healthcare, of W3C and RDF, would dispute that ranking, and they would not be wrong to. But they would be engaging with the argument, which is the point.
This is its story.
Before the Towers Fell
To understand why NIEM exists, you have to understand the specific flavor of failure that defined American intelligence in the years before September 11, 2001.
It was not, primarily, a failure of collection. The United States intelligence community had gathered, in the months prior to the attacks, fragments of information that — assembled correctly — pointed toward what was coming. Al-Qaeda operatives were in the country. Some had taken flight lessons. Specific warnings had been filed.
The 9/11 Commission’s finding was precise and damning: the information existed, but the systems could not talk to each other. The FBI used different databases from the CIA. State and local law enforcement operated in entirely separate information environments. A “Person of Interest” in one system had no reliable relationship to a “Person of Interest” in another. The vocabulary of American security was a tower of Babel, and the gaps between the towers were where the plot lived.
This is the moment NIEM was conceived, though it would take years to be born.
The first response was technical: the Department of Justice had been quietly developing something called the Global Justice XML Data Model — a shared vocabulary for the justice community specifically. When DHS was established in the chaotic months after 9/11, it brought its own data problems: 22 agencies, each with its own systems, suddenly merged into a single department and were expected to share information seamlessly. They could not.
In February 2005, the Chief Information Officers of the Department of Justice and the Department of Homeland Security signed a memorandum of understanding. The National Information Exchange Model — NIEM — was formally launched two months later.
The idea was straightforward, even if the execution was not. Build a shared, standardized vocabulary for government data. Not a single system everyone must use — that was never going to work politically or technically — but a common dictionary. A Rosetta Stone that any system could reference when it needed to send data to any other system.
Then Came the Storm
The ink on NIEM’s founding documents was barely dry when Hurricane Katrina made landfall on August 29, 2005.
What followed is well documented and still difficult to read. Over 1,800 people died. One hundred billion dollars in damage. New Orleans flooded while FEMA executives waited for clarity that never came.
The post-mortems were unambiguous. Federal, state, and local agencies had communications plans. They had assets. They had, in theory, frameworks for coordination. What they lacked was a reliable way to share operational information in real time across jurisdictional and organizational lines.
A House investigation found a complete breakdown in communications that paralyzed command and control. Agencies couldn’t tell each other what resources were where, who needed what, or who was in charge of which piece of which response. The data problem that had allowed 9/11 to happen had now allowed a major American city to drown.
Katrina did something important for NIEM: it moved the argument from the abstract to the visceral. Interoperability was no longer a technical concern for IT departments. It was a matter of who lived and who died when the infrastructure failed.
The DoD adopted NIEM in 2013. The Department of Health and Human Services joined the governance council in 2009. Domain by domain — immigration, biometrics, military operations, emergency management, infrastructure protection — the model grew. By the time it reached maturity, it contained more than 20,000 harmonized data elements, each one the product of negotiation between agencies with different cultures, different systems, and often deeply different interests in how information should be defined.
The Vocabulary is Political
Here is the part that rarely makes it into the technical documentation, but which matters enormously to anyone thinking seriously about information governance.
Every definition in a shared data standard is a choice. When NIEM defines what fields belong to a Person record, it is making an ontological decision about what constitutes a person in the context of government data exchange. When it defines an Incident, it is deciding what counts as an incident, what attributes it has, and what it relates to.
These are not neutral acts. A standard that defines how law enforcement data is structured implicitly shapes what patterns can be detected in that data, what kinds of automated decisions can be made, and who is legible to the state and in what ways.
The justice domain — the largest and most developed in NIEM — carries particular weight here. When a police department in one jurisdiction exchanges a SubjectArrest record with a court system in another, every field in that exchange is governed by a definition that was written, debated, and agreed upon by a committee. The committee’s choices are now infrastructure. They will persist long after the people who made them are gone.
This is, in the most precise sense, archival work. The decisions made by these standards bodies concern how the present will be readable to the future.
Version 6.0 and the AI Threshold
Which brings us to the document you may have recently encountered: ISO/IEC CD 26631, the draft international standard for NIEM Model Version 6.0.
The “CD” designation — Committee Draft — means it is not yet final. It is in review. The underlying architecture was approved as an OASIS Open Project Specification in December 2023, with full OASIS Standard approval following in December 2025 — a distinction that matters in standards governance: Project Specification signals technical readiness, while OASIS Standard signals the broader formal consensus required for international policy adoption. The ISO/IEC process extends that further, giving the specification international institutional legitimacy and making it easier to incorporate into procurement frameworks, regulatory guidance, and intergovernmental interoperability initiatives across member nations.
What makes v6.0 architecturally significant is a single design decision: it is no longer tied to XML. Previous versions of NIEM were XML-based, which was appropriate for 2005 but had become a constraint. Version 6.0 is format-agnostic, supporting XML, JSON, and RDF — the Resource Description Framework that underpins the semantic web and knowledge graphs.
The practical implication is that NIEM data can now be positioned for direct integration into semantic systems, knowledge graphs, AI pipelines, and machine-assisted analytical environments — without the translation layer that XML-only systems required. RDF in particular supports semantic reasoning when paired with appropriate ontologies and inference engines; JSON expands accessibility for modern API-driven systems. OASIS has been explicit about this framing: these standards advance “AI-ready data interoperability.” The direction of travel — toward government data as a structured substrate for computational analysis — is clear in the specification’s design choices, even where a coordinated AI deployment strategy remains to be built on top of it.
This is the threshold moment. For twenty years, NIEM was an infrastructure for human-to-human data exchange — one agency sending a record to another agency, where a human would read it. Version 6.0 is an infrastructure for machine-to-machine data exchange, where an AI system can read it, reason over it, and potentially act on it.
The vocabulary choices made in those 20,000 data elements are no longer just shaping how bureaucrats read each other’s records. They are shaping what AI systems can see.
What the Standard Doesn’t Say
ISO/IEC CD 26631 is a technical standard. It does not contain a theory of justice. It does not address the political economy of government data. It does not resolve the question of who should govern the vocabularies that govern the state.
But it raises those questions, sharply, for anyone paying attention.
The evolution of NIEM from a US federal program to an OASIS Open Standard to a draft ISO/IEC standard represents a shift from national infrastructure to international infrastructure. NIEM’s scope is broader than its origin story implies — it now spans emergency management, immigration, biometrics, maritime, health, military operations, intelligence, and infrastructure protection, not only law enforcement. But the definitions that emerged from the post-9/11 American security apparatus remain foundational to its architecture. The conceptual vocabulary of a specific historical moment — what an incident is, what a subject is, what a biometric category is — is being written into a global framework.
That is not an argument against the standard. Interoperability is genuinely valuable. The failures of 2001 and 2005 were real. The problems NIEM solves are real.
But the MetaArchivist’s job — the archivist’s job, the information scientist’s job, the job of anyone who thinks seriously about how knowledge is structured and preserved — is to notice when vocabulary becomes infrastructure. To ask who wrote the dictionary. To understand that a data standard is not a neutral container for facts, but a framework that determines which facts are visible, how they relate, and what can be done with them.
ISO/IEC CD 26631, Edition 1, is a 20,000-element answer to questions that were never quite asked out loud.
Someone should be asking them now.
ISO/IEC CD 26631 is currently in Committee Draft stage under JTC 1. The underlying NIEM Model v6.0 was approved as an OASIS Open Project Specification in December 2023 and as a full OASIS Standard in December 2025. The NIEMOpen project is governed by OASIS Open and maintained at niem.gov.


