Architecture · Transparency log

Append-only. Witness co-signed.

A Trillian-backed Merkle log with Sigstore-compatible witnesses. Every signed decision is provably in the log, and provably unaltered since.

A signature alone proves that someone with the right key asserted a statement. It doesn't prove the statement was made at the time claimed, or that it hasn't been quietly replaced since. Certificate Transparency solved the analogous problem for TLS in 2013, and we apply the same discipline to AI decisions.

Why a transparency log at all

Every signed decision, policy enforcement record, and incident is appended as a leaf in a tenant-scoped Merkle tree. The tree is append-only by construction: rewriting history would break every downstream inclusion proof ever issued.

How the log is built

01 · Leaf commitment

The SDK canonicalizes the payload per RFC 8785 and hands the hash to the signer. The hash, the Ed25519 signature, and a small envelope become the log leaf. Plaintext never touches the log.

02 · Append to Trillian

The log-writer service submits the leaf to a Trillian personality configured per tenant. Trillian returns an inclusion proof against a new signed tree head (STH) synchronously.

03 · Witness co-sign

STHs are served to independent witnesses that co-sign on a fixed cadence. Witnesses run on infrastructure outside the Veridra trust boundary. We picked Sigstore-compatible signatures so standard tooling can verify them.

04 · Consistency monitoring

Every new STH must prove consistent with every prior STH. Customers, auditors, and Veridra itself can run a monitor that fails loudly the moment a consistency proof doesn't hold.

Verifiable properties

These properties hold without Veridra's cooperation. That's the point of the log.

Inclusion

Given a signed decision and the current STH, the open-source Veridra CLI returns yes/no in constant time plus O(log n) hashes. No network access to Veridra is required beyond fetching the STH, and STHs are mirrored to witnesses.

Non-equivocation

Trillian plus witness co-signing prevents us from serving two contradictory trees to two different viewers. Any attempt would produce a forked STH that witnesses would refuse to co-sign and monitors would flag immediately.

Append-only

A consistency proof binds every new STH to every prior STH. The log cannot be rewound. A removed leaf produces a consistency failure that is detectable by any reader.

Tenant isolation

Each tenant has its own tree, its own log root, and its own witness set if requested. A rotation, incident, or subpoena scoped to one tenant never touches another.

Inspired by Certificate Transparency

Same discipline, different domain

Certificate Transparency has exposed hundreds of misissued TLS certificates since 2013 precisely because log operators can't quietly retract entries. We apply the same architecture to AI decisions: the log operator loses the power to hide what the log previously showed.

What this gets a regulator

Self-verifying evidence packs

Cryptographic signing proves who said what. The transparency log proves when they said it, and that they haven't since pretended to have said something else. The signature binds content to key; the log binds the signature to a verifiable timeline. When pack-builder assembles an evidence pack for a regulator, every record inside the pack is accompanied by its inclusion proof against a witness-co-signed STH. The pack is self-verifying.