Trust Center · Compliance Scope

What Veridra handles directly. What stays with you.

Veridra is the cryptographic evidence layer for AI decisions. Some obligations are cryptographic acts. Others remain organizational controls, workflow systems, or human-governed programs. This page is the explicit boundary.

Most vendors describe their scope expansively. Veridra takes the opposite approach. We do one thing — produce cryptographic evidence per AI decision — and we do it completely.

One company. One thing done completely.

Some compliance obligations are satisfied by the existence of a signed, tamper-evident, replayable record. Those are the obligations Veridra owns directly. Other obligations require organizational policy, training, workflow management, or governance process. Those stay with the systems you already use.

We publish the boundary because it is useful to buyers, useful to regulators, and useful to us. Buyers can see where Veridra fits into an existing stack. Regulators can see where the technical responsibility ends and the customer program begins. Internally, the boundary keeps the product honest.

What Veridra owns. What stays with your existing stack.

Veridra owns directly

EU AI Act Article 12 — record-keeping

High-risk AI systems must produce automatic, traceable records covering inputs, outputs, model state, and operating context. A signed decision record anchored to a transparency log is the compliance artifact itself.

EU AI Act Article 50 — content provenance

Disclosure for AI-generated content increasingly depends on machine-readable provenance. Veridra Verify is the path for output-level provenance and authenticity evidence.

GDPR Article 22 — automated decision rights

A signed evidence pack that reconstructs the decision is the substrate for meaningful information about the logic involved when a consequential automated decision is challenged.

21 CFR Part 11 — electronic records and signatures

Cryptographic signatures over canonical records are the implementation pattern FDA-regulated teams already recognize. Veridra handles the signing act directly.

SR 11-7 — model decision documentation

Time-stamped, reproducible, defensible records of model decisions are the direct output US banking teams need for examiner review.

NIST AI RMF MEASURE

Veridra captures evidence of behavior over time with signed decision records, signed incidents, and evaluation outputs that support ongoing measurement.

ONC HTI-1 — clinical decision support transparency

When decision support must be source-attributable and auditable, signed per-decision evidence is the implementation pattern.

Stays with your existing stack

Organizational SOC 2 controls

Security policies, access reviews, vendor due diligence, onboarding, and documented procedures remain organizational controls owned by your existing compliance program.

Vanta · Drata · Secureframe · OneTrust

AI risk assessments and policy authoring

Risk taxonomies, model cards, governance committee workflows, and policy lifecycle management remain human-governed processes that sit above evidence production.

Credo AI · Holistic AI · IBM watsonx.governance

Drift, performance, and observability

Metric dashboards, latency monitoring, and operational observability stay with your observability layer. Veridra signs the incidents and decision trail those tools surface.

Arize · Fiddler · WhyLabs · Datadog

Vendor risk management

Third-party questionnaires, supplier review, and vendor due diligence remain vendor-risk workflows, not cryptographic evidence primitives.

OneTrust · Whistic · Prevalent · ProcessUnity

Employee compliance training

Training programs, attestations, learning paths, and completion tracking remain organizational change-management systems.

KnowBe4 · Proofpoint · NAVEX

Audit project management

Control testing orchestration, remediation plans, evidence collection workflow, and certification project management remain audit-program tooling.

AuditBoard · Workiva · LogicGate

Vulnerability management and SIEM

Threat detection, infrastructure security monitoring, log analysis, and incident orchestration stay with your security operations stack.

Wiz · CrowdStrike · Splunk · Datadog

Why publish this

The honest boundary is the differentiator

Few category-creation startups publish what they do not do. We do. The discipline is more valuable than the appearance of expansive scope.

How the boundary maps to your buying decision

If you already have GRC, governance, or observability tooling, good. Veridra is designed to make those investments more valuable by giving them cryptographic decision evidence to point to.

Pattern A

Vanta + Veridra

Vanta handles organizational controls and audit programs. Veridra handles per-decision AI evidence. Auditor reads both. No overlap.

Pattern B

Credo AI + Veridra

Credo handles AI inventory, risk tiering, and policy authoring. Veridra produces signed evidence that those policies were enforced at the decision level.

Pattern C

Arize + Veridra

Arize observes drift and performance. Veridra signs the incidents and decision trail behind what observability surfaces.

None of these are competitive. They are complementary. If you already use one of these systems, the boundary page should make the integration logic obvious.

We do one thing. We do it completely.

The rest is your existing stack — and we make it stronger by giving it cryptographic evidence to point to.