CertifiedData.io
EU AI Act Evidence Sprint · Article 12 record-keeping

The EU AI Act deadline did not move. Your evidence layer needs to.

Decision Ledger creates signed, hash-chained AI decision records for Article 12 record-keeping — so teams can prove what happened, which system acted, what context was used, and whether the record was altered later.

Each record is canonicalized, SHA-256 hashed, Ed25519 signed, and linked to the previous record. Any modification breaks verification. The August 2, 2026 deadline for high-risk AI obligations remains the operating date.

Run live demo →View live ledgerRead the spec

No account required. Generate, sign, and verify a sample decision record.

Free account includes

1,000 signed records/month · API key · public verification URL · no credit card

Start free →

What this is

AI Decision Ledger: a cryptographically verifiable system for recording AI system decisions — including inputs, outputs, model context, and execution metadata. Each record is hash-linked and digitally signed, enabling tamper-evident audit trails and independent verification without contacting the issuer.

August 2026 is not a suggestion.

EU AI Act Article 12 requires high-risk AI systems to record decisions, ensure traceability, and support auditability across their lifecycle. Enforcement begins August 2026.

Article 12(1)

"High-risk AI systems shall technically allow for the automatic recording of events ('logs') over the lifetime of the system."

Article 12(2)(a)

"...to ensure a level of traceability of the AI system's functioning that is appropriate to the intended purpose of the system."

Most systems have logs. Those logs are mutable, internal-only, and not independently verifiable. A regulator will treat a mutable log like a bank statement you typed yourself.

What an auditor will actually ask

  1. 1Show every decision your AI made about this subject.
  2. 2Show which model version produced each decision.
  3. 3Show which dataset trained that model.
  4. 4Prove none of those records have been modified since they were written.

Most organizations can answer 1–2. Almost none can prove 4 without a backup and a prayer.

From documentation to evidence

Article 12 pressure changes what audit trails need to prove.

Policies describe controls. Spreadsheets track responsibility. Internal logs show system activity. But high-risk AI systems need records that can survive review after the fact.

Decision Ledger turns AI decision events into tamper-evident records that can be independently verified through canonical payloads, cryptographic hashes, digital signatures, and hash-linked logs.

Policies describe intent

Governance documents explain how systems should operate, but they do not prove what happened in a specific decision event.

Logs show activity

Internal logs are useful operationally, but they usually depend on trust in the application or database that produced them.

Signed records create evidence

Signed, hash-linked records can prove whether a decision matches its original payload and whether the chain was altered later.

90-day evidence sprint

What high-risk AI teams should start now.

The deadline pressure is not only legal. It is operational. Teams need to know which systems are in scope, who owns them, and what evidence will exist when the system is reviewed.

  1. 1Inventory Annex III candidate systems
  2. 2Assign business, legal, and technical owners
  3. 3Identify high-risk decision workflows
  4. 4Map decisions to datasets, models, policy versions, and artifacts
  5. 5Define required decision record fields
  6. 6Start signing records before audit pressure arrives
  7. 7Test verification outside the dashboard
  8. 8Connect decision lineage to artifact certification where possible

Verifiable decision lineage

What a Decision Ledger record is built to prove.

A Decision Ledger record is not a visual badge or static report. It is a structured, signed evidence artifact that can be checked against its canonical payload and chain state.

  • Who or what made, supported, or approved the decision
  • What decision or outcome was selected
  • What reason codes or rationale were attached
  • What entity, case, application, or transaction the decision involved
  • What timestamp, policy version, model version, or artifact context applied
  • Whether the record was modified after signing

Verification runs independently against the published Ed25519 public key — no need to trust the dashboard that produced the record.

The trust jump

Don't trust this page. Verify the record yourself.

Run the standalone demo at /decision-ledger/demo for the full anon proof loop: sign a real decision, then copy a one-line terminal command and re-verify the signature in your own shell. No account. No API key. The crypto round-trip is identical to what an external auditor would run.

Run live demo →Download sample Article 12 evidence bundle ↓
Interactive demo · No account required

Generate a verifiable decision record

Edit the sample payload, click Run, and inspect a real Ed25519 signature, SHA-256 hash, and canonical RFC 8785 payload — without leaving this page.

What this demonstrates
  • • Decision-shaped JSON becomes a ledger record
  • • The record gets a deterministic SHA-256 hash over its RFC 8785 canonical form
  • • The record gets a real Ed25519 signature from the same key as production
  • • The result is independently verifiable using the public key at /.well-known/signing-keys.json
Result will appear here
Click "Run demo" to generate a signed record.
Payload preview
{
  "actor": {
    "type": "system",
    "id": "underwriter-v3"
  },
  "decision": {
    "label": "loan_decision",
    "selectedOption": "approved",
    "confidence": 0.94
  },
  "explanation": {
    "reasonCodes": [
      "credit_score_above_threshold",
      "dti_within_policy"
    ],
    "rationaleSummary": "Applicant meets underwriting criteria for the requested loan amount."
  },
  "entity": {
    "type": "applicant",
    "id": "applicant-00421"
  }
}
Govern · Article 12 evidence

The tier auditors actually expect.

EU AI Act Article 12 demands “automatically generated logs” over the full lifecycle of a high-risk AI system. Govern is the tier built for that evidence chain — 7-year retention, a dedicated Ed25519 signing key per customer, and an audit-ready evidence bundle you hand straight to a regulator.

  • Governance-scale records
  • 7-year retention
  • Dedicated signing key
  • Audit evidence bundle export
Start Govern →Compare all tiers
From
$499/mo
Annual + custom available

Developer integration

Wire Decision Ledger into your agent or service.

Append-only signed records via REST. One POST /v1/decisions per decision event — actor, entity, label, selected option, and any cert or model reference. We canonicalize, hash, sign, and chain. Verification runs independently against the published Ed25519 public key.

API integration guide →

Live proof — not a marketing badge

This is the most recent record in the public decision ledger. Signed, chained, and published the same way your decisions will be. Anyone can re-verify it independently.

Decision ID
b3552dbe-fa85-4620-bbda-2a52f545b338
Timestamp
2026-06-04T12:18:27.881Z
Label
data_quality_gate
Hash (SHA-256)
5f8ca14d59c7d7f6c0a663ccb30ecf80f89e07bd23af58b1c26fc15daa311b25
Previous hash
932137745d26afbaa27d247bfc67715f76654430f832f241b44e38eb706893f6
Signature alg
Ed25519
Re-verify this recordBrowse full feedSigning key metadata

Logging vs. evidence

Traditional logging

  • • Mutable — records can be altered
  • • Internal-only — not independently auditable
  • • No chaining — each record stands alone
  • • No signatures — no proof of authorship

Decision Ledger

  • • Tamper-evident — SHA-256 + Ed25519 signed
  • • Independently verifiable — no issuer contact needed
  • • Hash-chained — tampering breaks the tail verifiably
  • • Hourly sealed checkpoints — auditable continuity

This is not observability. This is evidence.

How it works

  1. 1
    Your AI system makes a decision.
    Inference, approval, routing, pricing, denial — any action that needs a record.
  2. 2
    Your service calls POST /v1/decisions.
    One HTTP request with actor, entity, label, selected option, and any cert or model reference.
  3. 3
    We canonicalize, hash, and sign.
    RFC 8785 JCS canonical JSON, SHA-256, Ed25519 — deterministic and independently reproducible.
  4. 4
    Dual-chain write.
    Internal record keeps full context. Sterilized public projection goes into a separately chained public log.
  5. 5
    Hourly sealed checkpoints.
    Signed checkpoints seal the public chain. Any tampering breaks the seal — verifiably, forever.
  6. 6
    Anyone can verify.
    GET /api/decision-log/:id/verify re-computes the hash and checks the signature against the published signing key.

Log your first decision in minutes

curl -X POST https://certifieddata.io/v1/decisions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "actor": { "type": "system", "id": "loan-engine-v3" },
    "decision": {
      "label": "loan_decision",
      "selectedOption": "approved"
    },
    "explanation": {
      "reasonCodes": ["credit_score_above_threshold", "dti_within_policy"],
      "rationaleSummary": "Applicant meets underwriting criteria."
    },
    "publicMode": true
  }'

Who this is for

Compliance / GRC

You need evidence that survives an audit. Decision Ledger is your auditor-ready record.

Article 12 mapping

AI / Model Risk

You already log. We make the log tamper-evident and cryptographically linkable to datasets and models.

Read the spec

Financial Services

Fair-lending, SR 11-7, adverse action. Prove the why behind every model decision.

FS use case

From data → decision → proof

Dataset Certified

Model Trained

Decision Logged & Signed

Everything Verifiable

This is not a feature set. This is AI system accountability infrastructure.

EU AI Act Article 12 · Enforcement begins August 2026

Start logging AI decisions today.

If your AI system makes decisions, you will need an audit log that holds up in front of a regulator. CertifiedData gives you a cryptographically signed, hash-chained record. Free tier includes 1,000 records/month — no credit card.

  1. 1
    Create a free account
    No credit card. Two minutes.
  2. 2
    Get your API key
    One key. Scoped, revocable, rotateable.
  3. 3
    Send your first decision
    One curl. Appears in the public ledger within seconds.
Start logging decisions →Read the quickstartTalk to compliance

Also powered by CertifiedData

Decision Ledger is the primary evidence layer. Dataset certification and agent commerce remain available as supporting proof surfaces.

Dataset Certification
SHA-256 + Ed25519 certificates proving synthetic dataset origin and integrity. Useful when decision records need upstream dataset lineage.
Learn more →
Agent Commerce
Ed25519-signed receipts for autonomous agent transactions. Useful when AI decisions trigger payment, procurement, or policy-gated actions.
Learn more →
Live public ledgerSample evidence bundleAudit-readiness checklistAI decision loggingAI decision traceabilityEU AI Act logging requirementsDecision accountabilityDecision governanceAI audit trailsTechnical specDecision lineageFinancial servicesCertificate transparencyArticle 12 record-keepingAudit-readiness checklistSample evidence bundleEmployment AI evidenceHR AI audit trailCredit scoring AI evidenceFintech AI audit trailInsurance AI evidenceHealthcare AI evidencePublic sector AI evidenceProcurement AI evidenceEducation AI evidence

Build Article 12 evidence before audit pressure arrives

Move from internal logs to independently verifiable AI decision records.

Run a live Decision Ledger demo, inspect the public log, and review the technical specification for signed, hash-chained AI decision records.

Run live demo →View live ledgerRead the spec

Related Evidence

Decision Ledger

Cryptographically verifiable AI decision records with auditability and live proof.

Compliance Logging

How CertifiedData supports audit-ready AI evidence workflows.

Decision Logging

Append-only, signed decision logs linked to certified artifacts.

Decision Traceability

Trace decisions from outcomes back to certified data sources.

Synthetic Data Certification

Dataset provenance, certification, and machine-verifiable artifact records.

Verify

Public verification for records, certificates, hashes, and signatures.

Decision Ledger — Signed AI Decision Logging | CertifiedData