Decision Ledger live demo
Edit or paste a decision payload. Click Sign & hash to get a real Ed25519-signed record — same algorithm, same key, same canonicalization as production. Results are not persisted.
- Real Ed25519 signature over an RFC 8785 canonical payload — same key as production
- SHA-256 content hash and public verification URL per decision
- Append-only public decision log for records marked public
- Auditor-verifiable outside our system using the published public key
Signed record shape
{
"decision_id": "demo-01jt…",
"timestamp": "2026-04-22T…",
"record_hash": "sha256:…",
"signature": "base64 Ed25519 sig",
"signature_alg": "Ed25519",
"key_id": "cd_root_2026",
"canonical_payload": "{…RFC 8785…}"
}The live demo below fills in real values. Every field is independently verifiable using the published Ed25519 public key.
- 1Create
Decision payload
- 2Sign
Ed25519 + RFC 8785
- 3Persist
Session feed
- 4Feed
Recent records
- 5Verify
Round-trip check
- 6Export
Download bundle
Step 1 — Sample payloads
Decision payload
Signed record output
Choose a sample or edit the payload, then click Sign & hash.
How signing and verification work
Four deterministic steps. No magic — standard crypto with published specs. Anyone can repeat step 4 independently against the public signing key.
Canonicalize
The decision payload is serialized per RFC 8785 (JSON Canonicalization Scheme). Keys are sorted deterministically so the same payload always produces the same bytes.
Hash
Canonical bytes are SHA-256 hashed. The hash becomes the record fingerprint — any payload change produces a different hash, breaking the chain.
Sign
The hash is signed with CertifiedData's Ed25519 key. The signature is over the bytes, not the JSON — safe from whitespace or key-order tampering.
Verify
Recompute the canonical hash and verify the Ed25519 signature against the published signing key at /.well-known/signing-keys.json. Auditors can repeat this independently — no trust in us required.
Prefer code?
Open-source decision-log SDK
Public verification utilities, canonicalization helpers, and integration examples. Verify any signed decision without calling our API.
git clone https://github.com/certifieddata/certifieddata-decision-ledger-examples cd certifieddata-decision-ledger-examples npm install && npm run verify-example
Where teams use this
Anywhere an AI system makes a consequential call and someone has to explain it later.
Loan approvals →
Every underwriting decision carries a signed record tying the outcome to the policy version, model version, and reason codes.
Claims triage →
Triage routing and escalation decisions are logged with tamper-evident rationale summaries for regulator review.
Agent actions →
Procurement, content moderation, or automated remediation decisions by AI agents — each signed, each auditable.
High-risk AI systems →
Article 12 record-keeping for high-risk systems. Decision records are the evidence chain regulators expect.
For compliance, audit, and legal review
Evidence an auditor can verify
EU AI Act · Article 10
Data governance
Decision records reference training-data certificate IDs, linking each decision back to verifiable data lineage.
EU AI Act · Article 12
Record-keeping
Automatic event logs for the operation of high-risk AI systems. Signed decision records are the primary evidence artifact.
EU AI Act · Article 50
Transparency obligations
Public verification URLs let deployers and affected persons confirm a decision's integrity without accessing internal systems.
From sandbox to production
Start free. The signing and canonicalization stay identical across every tier.
Sandbox
No credit card$0
- •30 signed demos / minute
- •Real Ed25519 signatures
- •No persistence
You're here
Free account
Real API key$0
- •1,000 signed records / month
- •30-day audit history
- •Permanent public verification URL
Trust
Audit-ready$149/mo
- •100,000 records / month
- •3-year retention
- •JSON/CSV export + webhooks
Govern
Article 12 evidence$499/mo
- •Governance-scale records
- •7-year retention
- •Dedicated signing key
- •Audit evidence bundle export
Verify it yourself
Every surface here is a live public endpoint — no account, no API key.
Try the other pillars
Three pillars, one proof system. Each runs anonymously, each produces real signatures.
Frequently asked
Are the signatures real or simulated?+
Real. Every demo produces an Ed25519 signature over an RFC 8785 canonical payload using the same signing key as production. Verify outside our system with the public key at /.well-known/signing-keys.json.
Is the demo record persisted?+
No. Demo records are not stored, not listed in the public decision log, and not assigned a permanent verification URL. A free account turns on persistence and gives you 1,000 signed records per month.
What does a 'canonical payload' mean?+
It's the decision JSON serialized per RFC 8785 (JCS) — keys sorted deterministically, whitespace removed, undefined fields stripped. The signature is over these canonical bytes, so re-serializers with different whitespace still verify correctly.
What does Article 12 record-keeping require?+
Providers of high-risk AI systems must keep automatic event logs for the duration the system is on the market. Signed decision records satisfy this with tamper-evident evidence including timestamp, actor, decision, and rationale.
What are the anonymous rate limits?+
30 signed demo requests per minute per IP. Free accounts get 1,000 persistent decision records per month; paid plans scale into the hundreds of thousands.
Can I verify without calling your API?+
Yes. Re-canonicalize and re-hash the payload yourself, fetch the public key from /.well-known/signing-keys.json, and verify the Ed25519 signature with any standard crypto library. No dependency on CertifiedData.
Save real decision records
Free account · 1,000 records / month · permanent public verification URLs · no credit card.