AI Defensibility · The Evidence Layer

Deploy AI you can defend.
Before regulators, auditors, and courts demand proof.

Veridra is the cryptographic evidence layer for regulated AI. Every decision signed, logged, and provable — to an auditor, a regulator, or a court.

Built for Chief Risk, CISO, General Counsel, and AI leadership
Example receipt
Decision Receipt · Verified
Decision ID: dec_92K4A
System: Claims Review AI
Model: claims-risk-v4.2
Risk tier: High
Policy check: Passed
Human review: Approved · 04:18 UTC
Signature: Ed25519 verified
Log inclusion: Proof accepted
Record integrity: unchanged
Replayable for 7 years by default. Exportable as evidence without a Veridra dashboard.
EU AI Act Art. 12 · GDPR Art. 22 · SR 11-7
01 · The pain moment

The moment AI becomes a liability.

A bank, insurer, health system, or government agency uses AI to make a consequential decision. A customer disputes the outcome. An auditor, regulator, or court asks:

  • Which model made the decision?
  • Which policy applied?
  • What data was used?
  • Who approved it?
  • Can you prove it was not changed?

Today, most teams only have logs. Logs are not evidence.

April 2026 · Proof point

A widely reported AI-agent incident ended with a production database deleted and the agent writing a confession that it had bypassed its own safety rules. The confession was still just text: no signed record, no verifiable evidence, and no independent proof of intent, scope, or permission state.

In a small SaaS workflow, that meant hours of reconstruction. In a bank, insurer, health system, or public-sector AI deployment, the same evidence gap becomes examiner action, litigation exposure, and disputed decisions no one can prove cleanly.

02 · The category

Existing tools report. Veridra proves.

Compliance automation, AI governance, and observability each solve a real problem. None of them produce decision-level cryptographic evidence. That is a different category.

Capability · Compliance automation · AI governance · Observability · Veridra
Decision-level evidence · Veridra: ✓ Per-decision signing
Cryptographic proof · Veridra: ✓ Ed25519 + Merkle log
Regulator-admissible · Veridra: ✓ Evidence packs on demand
Verifiable without vendor · Veridra: ✓ Open-source CLI
Per-decision audit trail · Veridra: ✓ Replayable, retained 7 years

These categories solve adjacent problems. Veridra solves a different one — and the tools above are deployed alongside it, not replaced by it.

03 · Solutions

Banking AI first.

Highest regulatory pressure. Largest evidence budget. Fastest examiner cycle. Banking is where decision-level proof becomes mandatory first.

Primary wedge

Banking AI

Credit · AML · fraud · underwriting · adverse-action workflows. SR 11-7 model risk management, ECB TRIM guidance, CFPB and state DFS AI supervision. Examiners require defensible model evidence and increasingly reject log-only responses. Banking deploys signed evidence first.

SR 11-7 · EU AI Act · NIST AI RMF · NY DFS · OCC AI Guidance · ECB TRIM
Built for regulated organizations
EU AI Act: Articles 9 · 12 · 14 · 72
NIST AI RMF: Govern · Map · Measure · Manage
ISO 42001: AI management systems · internal mapping
SR 11-7: Federal model risk
HIPAA: PHI & clinical AI
SOC 2: Type II · in progress
GDPR Art. 22: Automated decisions
04 · How it works

From AI decision to defensible proof.

Veridra does not ask a regulator to trust a dashboard. It captures the decision record, signs it, logs it, and produces something another party can verify independently.

01

Decision happens

A model, workflow, or agent participates in a regulated outcome that may later need audit, legal, or examiner review.

02

Veridra captures the record

Inputs, model version, policy checks, human approvals, and operating context are canonicalized into one decision receipt.

03

The receipt is signed and logged

Ed25519 signatures and transparency-log inclusion create a tamper-evident proof path instead of a mutable activity log.

04

Another party can verify it

Risk, audit, regulators, customers, or courts can inspect the record and verify integrity without trusting Veridra to interpret it for them.

05 · Why now
Aug 2026

EU AI Act high-risk obligations become enforceable.

Articles 9, 12, 14, 15, and 72 — risk management, record-keeping, human oversight, accuracy and robustness, and post-market monitoring — apply to every high-risk AI system deployed in or serving the European Union.

Banks, insurers, and healthcare providers deploying AI into regulated decisions need decision-level evidence starting in four months. The enforcement date is fixed. The evidence infrastructure is not yet built. That is what Veridra is.

EU AI Act · enforceable Aug 2026
NIST AI RMF 2.0 · adopted across US agencies
SR 11-7 · examiner expectations now include AI
06 · The stakes

The cost of unverifiable AI.

For regulated enterprises, the question isn't whether AI assurance costs money. It's how much a single audit failure, discrimination claim, or board escalation costs without it.

EU AI Act fines
€35M or 7%
of global annual revenue — whichever is higher
Model risk violations
Board escalation
SR 11-7 breach — consent decree, MRAs, cap on AI deployment
Discrimination claims
$10M+ settlement
Disparate impact class actions, reputational loss
Audit failure
Ops shutdown
Regulators can order AI system withdrawal until remediation

Veridra exists so those headlines never reach your legal department.

07 · Decision evidence

A decision you can hand to a regulator.

Every Veridra-attested AI action is captured as a signed record, anchored to a transparency log, and replayable for years — without trusting Veridra.

signed · attest_record · Ed25519 · tlog #842,915
decision_id     "dec_9a3f21b4"
system          "underwriting.v3"
risk_tier       "high"            # EU AI Act Annex III
outcome         "decline"
confidence      0.873

inputs_hash     9a3f…21b4
model_hash      7c41…9d2e           # model card v3.2.1
policy_set      0xf8a2…             # 14/14 checks passed
human_review    "required · pending"
jurisdiction    "EU · DE"
timestamp       "2026-04-25T10:14:08Z"
signature       ed25519: 4f8c…7b2a
tlog_inclusion  verified ✓
08 · Independent verification

Do not trust the dashboard. Verify the proof.

Verification matters only if another party can inspect the receipt without asking Veridra to narrate what happened. The proof path has to survive outside the dashboard.

CLI proof path
veridra verify decision-receipt.json --signature sig.ed25519 --inclusion-proof log-proof.json
Signature verified
Timestamp verified
Log inclusion verified
Record integrity verified
What this proves

The receipt was signed, not altered after signing, and anchored to a transparency-log-backed proof path. That is stronger than a screenshot, an activity log, or a vendor export alone.

11 · The product

One integration.
Every decision, proved.

Wrap your model call. Veridra captures the decision, canonicalizes it, signs with your key, logs to a transparency tree, and produces evidence on demand.

1 · Wrap

One line in your model call — OpenAI, Anthropic, Bedrock, Vertex, or your own.

v.attest(...)
2 · Canonicalize

RFC 8785 canonical JSON. Deterministic across regions, languages, and time.

sha256:e4d1...b8a3
3 · Sign

Ed25519 via your KMS. Your key stays in your custody — we never see it.

ed25519.sign(...)
4 · Log

Append to a Merkle transparency log. Inclusion proof returned in milliseconds.

log_entry #18,942,017
5 · Prove

Regulator asks. You hand them a signed evidence pack. CLI verifies it offline.

veridra-verify pack.zip
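
What a "Log inclusion verified" result from steps 2, 4 and 5 (and the CLI proof path in section 08) amounts to, as an added example that is not Veridra's code or its CLI: a receipt is canonicalized, hashed into a Merkle tree, and checked against a published root using only the receipt and a short proof. It assumes RFC 6962-style leaf and node hashing, which the page does not specify; the function names and sample receipts are constructed, canonical() is a simplified stand-in for RFC 8785, and the Ed25519 signature check is a separate step not shown here.

```python
import hashlib
import json

def canonical(record):
    # Simplified stand-in for RFC 8785 (assumption): adequate only for flat string values.
    return json.dumps(record, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode()

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()  # prefix 0x00 = leaf, 0x01 = interior node

def _split(n):
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two strictly below n (n >= 2)

def merkle_root(leaves):
    if len(leaves) == 1:
        return h(b"\x00", leaves[0])
    k = _split(len(leaves))
    return h(b"\x01", merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def inclusion_proof(leaves, index):
    # Log side: sibling hashes on the path from the leaf up to the root.
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]

def verify_inclusion(record, index, tree_size, proof, root):
    # Verifier side: needs only the receipt, its proof, and the published root.
    if not 0 <= index < tree_size:
        return False
    fn, sn, r = index, tree_size - 1, h(b"\x00", canonical(record))
    for p in proof:
        if sn == 0:
            return False
        if (fn & 1) or fn == sn:
            r = h(b"\x01", p, r)          # sibling sits on the left
            while (fn & 1) == 0 and fn != 0:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = h(b"\x01", r, p)          # sibling sits on the right
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

# Constructed sample log of five receipts (field names follow the page's example).
RECEIPTS = [{"decision_id": f"dec_sample_{i}", "outcome": "decline"} for i in range(5)]
LEAVES = [canonical(r) for r in RECEIPTS]
ROOT = merkle_root(LEAVES)
```

Changing any field of a logged receipt, or presenting it at a different index, makes verify_inclusion return False against the same root.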
No keys in our hands

Your signing keys live in your KMS — AWS, Azure, GCP, Vault, HSM. Veridra only requests signatures. Revoke at any time and we stop being able to sign.

No customer lock-in

Evidence is verifiable without Veridra. Our CLI is open-source, Apache 2.0. If we shut down tomorrow, your signatures still verify with math alone.

No integration drag

Four SDKs — Python, Node, Go, Java — with one contract. Drop-in wrappers for the major LLM providers. From import to first signed decision in 10 minutes.

13 · Design partner program

Ten founding institutions. Defining the evidence layer together.

Ten regulated enterprises will define Veridra's production platform, framework crosswalks, and evidence standards. Founding partners receive direct founder access, roadmap influence, and long-term pricing.

10 slots open · 3 remaining · pricing locked at long-term rates

14 · Engagement

Enterprise Assurance Programs.

Veridra engages with regulated organizations through structured programs — not self-serve SaaS. Every deployment begins with an executive conversation and an assurance review.

Tier 01

Assurance Review

Initial audit of one production AI system. Framework mapping, gap report, and remediation roadmap.

Engagement required · $50K–$120K
  • EU AI Act or NIST RMF mapping
  • Executive risk report
  • Evidence pack template
  • Fixed timeline delivery
  • Board-ready readout
Limited availability
Tier 02

Design Partner Program

Early enterprise deployment for regulated organizations building defensible AI infrastructure with us.

First 10 partners · $150K–$400K annual
  • Up to 10 AI systems governed
  • Framework crosswalks included
  • Cryptographic attestation
  • Continuous monitoring
  • Founder-led implementation
  • Roadmap influence
Tier 03

Enterprise Assurance Platform

Global deployment across business units and jurisdictions. Built for institutions with governance obligations at scale.

Multi-year · $500K–$3M annual
  • Multi-region AI governance
  • Unlimited AI systems
  • Private deployment available
  • Dedicated assurance engineer
  • Executive advisory
  • 24/7 incident response
15 · Roadmap

Ship today. Own the control plane.

Veridra's roadmap is deliberate. We ship the layer regulators want now — and we're extending into the deeper control surfaces next.

Now · Q2 2026

Govern · Attest · Watch

Assurance platform live. Evidence packs, policy engine, continuous monitoring. Production-ready.

Q3 2026

Veridra Agents

Agent identity governance on top of Okta, Entra, CyberArk. Attestation and audit for non-human actors.

Q1 2027

Verify · Provenance

Model lineage, content authenticity, AI supply-chain attestation. C2PA-ready.

2027+

Insurance-grade attestation

Underwriter-accepted evidence for AI-caused loss. Category complete.

16 · Security & trust

Built on defense-grade primitives.

Veridra is architected for the highest-assurance environments — regulated banks, healthcare systems, and government contractors. Full trust center, SOC 2 readiness, and architecture documentation at veridra.io/trust.

Encryption everywhere

AES-256 at rest. TLS 1.3 in transit. Customer-controlled keys via HSM or KMS. Ed25519 signatures for every attestation record.

Data residency

Deploy in US, EU, UK, or customer-selected regions. GDPR, Schrems II, and data-sovereignty frameworks accommodated out of the box.

Private deployment

Self-hosted option for regulated institutions. Your infrastructure, your keys, your audit boundary — Veridra runs as software, not a shared service.

Audit-grade retention

7-year default retention on all attestations. Configurable up to 30 years for FDA, pharma, and government contractors with extended obligations.

Incident readiness

24/7 security response for enterprise customers. Coordinated disclosure via security.txt. Transparent post-incident reporting on our status page.

Open by default

Sigstore-compatible transparency logs. Published attestation formats. Customer-verifiable inclusion proofs. No trust required — verify everything.

IN PROGRESS · SOC 2 Type II
MAPPED · ISO 27001
MAPPED · HIPAA attestation
MAPPED · FedRAMP Moderate
MAPPED · ISO 42001
17 · Questions

What buyers actually ask.

How is this different from an AI observability tool?

Observability watches performance — latency, errors, throughput. Veridra produces legal-grade evidence. Every decision is cryptographically signed, mapped to regulatory obligations, and replayable years later. Observability tools can't survive an audit. Veridra is built to.

Do we have to change our existing AI stack?

No. Veridra is model-agnostic and deploys as a thin layer over your existing infrastructure. OpenAI, Anthropic, in-house models, any cloud. Integration is typically 2–4 weeks.

What's the performance overhead?

Sub-3ms per attested inference. Attestation is asynchronous and signed off the hot path. Your application latency is untouched.

Is Veridra certified — is our data secure?

SOC 2 Type II in progress. ISO 27001 controls mapped. Private deployment available for regulated institutions. Customer data never leaves your infrastructure in the self-hosted configuration.

How long until we're audit-ready?

Assurance Review: 3–4 weeks. Enterprise deployment: 6–12 weeks for full framework alignment, with evidence flowing within 30 days.

Do you work with non-US and non-EU regulators?

Yes. Veridra supports NBE (Ethiopia), NDPR (Nigeria), POPIA (South Africa), and the African Union AI Continental Strategy, alongside UK, Singapore MAS, and Japan METI frameworks. If your regulator isn't listed, ask.

AI governance tells companies what they should do.
Veridra proves what their AI actually did.

Trust Signals

Trust signals for regulated AI.

Each trust signal is labeled with its current status so buyers can distinguish active work, internal framework mapping, and future roadmap items.

SOC 2 TYPE II

IN PROGRESS

Independent audit readiness work underway.

ISO 27001

MAPPED

Internal ISO 27001 control mapping is available on request for diligence and procurement reviews.

ISO 42001

MAPPED

Internal ISO 42001 control mapping is available on request for diligence and procurement reviews.

GDPR

ALIGNED

Product and policy posture are designed against GDPR principles; supporting materials are available on request.

EU AI Act

MAPPED

Internal article-level mapping for high-risk AI obligations is available on request.

NIST AI RMF

MAPPED

Internal NIST AI RMF function mapping is available on request.

What each status means

IN PROGRESS

Active readiness or audit preparation is underway.

ROADMAP

Planned certification or framework work; not yet completed.

MAPPED

Veridra maintains internal control mappings to framework requirements; supporting materials are available on request.

ALIGNED

Product and policy posture are designed to follow the framework's principles; supporting materials are available on request.

CERTIFIED

Only used after independent certification is complete.

Important: Mapped and aligned statuses indicate internal framework mapping, not third-party certification. Request supporting materials if you need them for diligence.

Our commitment

We are transparent about where we are today and where we are headed. New certifications and published mapping materials will be added as we achieve them.