The report does not cover the case where a third party -- say dtinit :-) -- were to have a conformance program that A and B go through, and where they accept anybody certified as a partner in a data exchange because they have the certification.
I'm bringing this up because doing this mutual evaluation is not just an N*2 cost problem, but it also doubtful that an individual service provider has the ability to actually ascertain other service providers practices.
/cc @DTinitiative
Also, in many cases, source and destination service providers for a data transfer are direct competitors. Chances are they are less frank with each other about what they do than they would be with a 3rd-party organization.... which also could contractually require, as part of the certification program, that it be informed of major changes etc.
So @DTinitiative, that's all just a thought, I'm sure you have thought about all of this, so I wouldn't be surprised if there were another report soon!