Veridra
Built for regulated environmentsEU AI ActNIST AI RMFSR 11-7ISO 42001 (mapped)SOC 2 (in progress)
PlatformSolutionsArchitectureTrustDevelopersCompanyRequest review
01 · The platform

Five modules. One platform.

Same five modules. Same capabilities. The difference is scope discipline: what each module owns directly, what it integrates with, and where Attest becomes the entry wedge.

Scope discipline

What each module owns directly. What stays with your stack.

Veridra is not trying to replace governance software, observability tooling, or audit workflow systems. The platform exists to produce cryptographic evidence where the evidence itself is the compliance act and to integrate cleanly with the rest.

See the compliance scope boundary →
Attest output
What the entry wedge produces
Verified
Decision ID
dec_attest_2048
System
underwrite-core-v3
Policy set
high-risk-lending-v2
Reviewer
Required and recorded
Signature
Ed25519 verified
Log proof
Transparency inclusion accepted
Record integrityunchanged
Attest creates the first proof object that can survive examiner, audit, and legal review outside the product UI.
EU AI Act Art. 12GDPR Art. 22SR 11-7
Independent path

Proof that survives outside the platform.

veridra verify decision-receipt.json --signature sig.ed25519 --inclusion-proof log-proof.json
Signature verified
Timestamp verified
Log inclusion verified
Record integrity verified
What this proves

Attest is useful because the proof can be inspected without asking a third party to trust the Veridra interface, the export path, or the vendor narrative.

See verification tooling Read about Attest
01LIVE

Govern

Framework mapping, risk register, policy-as-code. Govern sets the policy surface and obligation map around the decision record.

Scope

Owns directly: framework crosswalk evidence, policy expression, risk-tier mapping, and decision-routing audit. Integrates with: governance committees, control owners, policy programs, and AI governance platforms such as Credo AI and IBM watsonx.governance.

  • System inventory with risk tier classification
  • Framework crosswalk (EU AI Act Articles, NIST functions, ISO controls)
  • Policy-as-code in Rego, authored once, enforced everywhere
  • Human-approval routing for high-risk decisions
Read more →
02LIVE
Entry wedge

Attest

Cryptographic signing, transparency log, evidence packs. Every AI decision captured, canonicalized, signed, logged, and packaged into evidence that can stand on its own.

Scope

Owns directly: EU AI Act Article 12, GDPR Article 22 decision evidence, 21 CFR Part 11 signature path, SR 11-7 decision documentation. This module is the compliance act, not a wrapper around it.

  • Ed25519 signatures with BYOK and managed key custody options
  • Trillian-backed, Sigstore-compatible transparency-log integrity and inclusion proofs
  • RFC 8785 canonicalization — deterministic, cross-region stable
  • Evidence packs in signed PDF and ZIP export formats
Read more →
03LIVE

Watch

Continuous evaluation, drift detection, signed incident records. Watch turns changes in model behavior into signed operational evidence.

Scope

Owns directly: signed incident records, time-of-knowledge attestation, evidence of change over time, and evaluation outputs. Integrates with: observability, alerting, and incident-response systems such as Arize and Fiddler without trying to replace observability itself.

  • Drift-as-evidence: signed drift records, not just alerts
  • Signed postmortems that link directly to affected decisions
  • Continuous eval against customer-defined test batteries
  • Incident routing to PagerDuty, Opsgenie, Slack, Teams
Read more →
04Q3 2026

Agents

Agent identity governance and verifiable action accountability for non-human actors. Scoped permissions, tool-call audit, human-approval gates, and replayable evidence chains for regulated agent workflows.

Scope

Owns directly: verifiable evidence of every permitted agent action, tool-call accountability, and agent decision evidence. Integrates with: identity providers, approval workflows, and execution-layer gateways such as sandbox runtimes that block unsafe actions in real time.

  • Non-human identity with scoped OAuth + SPIFFE SVIDs
  • Every tool call signed and logged as a decision event
  • Human-approval gates for high-impact agent actions
  • Replayable agent decision chains
Read more →
05Q1 2027

Verify

Model lineage and C2PA-ready content authenticity. Provenance that travels with the artifact from training data and model version to customer-facing result.

Scope

Owns directly: artifact provenance and verifiable lineage. Integrates with: content systems, downstream channels, and provenance consumers.

  • Model card provenance with cryptographic versioning
  • Training data attestation (without exposing the data itself)
  • C2PA-ready output manifests for generated content
  • Verifiable lineage across fine-tunes and retraining
Read more →
The boundary

Evidence first. Integrations second.

The platform owns evidence production directly. Governance tooling, observability tooling, audit workflow, and organizational controls remain part of your existing stack.

Read the explicit boundary →
The verbs

Sign · Log · Prove · Pack · Verify

Every module in the platform strengthens at least one of these five primitives. Anything that does not is integration, not platform.

See the architecture
Design partners

A limited cohort shaping the evidence layer.

Founding partners get direct founder access, roadmap influence, and long-term pricing.

Three slots remain

Apply as design partner