Sample Article 12 evidence bundle.
A real, Ed25519-signed AI decision record you can download, inspect, verify yourself, and forward to compliance, legal, or your regulator. Each download generates a fresh signed bundle from our public demo signer — no account, no email, no API key.
Each download generates a fresh, real Ed25519-signed record. No account. No email.
The downloaded JSON is self-documenting: it embeds Article 12 field mapping, verification instructions, and explicit "what this does not prove" disclosures so reviewers don't have to come back to this page.
What's inside
Bundle contents
decision_id, timestamp
Unique time-stamped identifier for the decision record.
record_hash
SHA-256 hash over the canonical payload (RFC 8785 JCS).
signature, signature_alg, key_id
Ed25519 signature + the public key ID that produced it.
canonical_payload
The full, deterministic JSON-canonicalized payload that was signed.
public_key_url
Where to fetch the public key for fully-offline verification.
verify_url
POST endpoint that re-runs the same verification on demand.
_documentation.article_12_field_mapping
Embedded mapping from each field to the EU AI Act article it supports.
EU AI Act Article 12 field mapping
Which bundle field supports which Article 12 requirement.
| Article | Bundle field | Supports |
|---|---|---|
| Art. 12(1) | decision_id + timestamp | Each automatic decision has a unique, time-stamped record. |
| Art. 12(2)(a) | canonical_payload.actor | Identifies the AI system or agent that produced the decision. |
| Art. 12(2)(b) | canonical_payload.decision | Captures the actual decision and selected option for traceability. |
| Art. 12(2)(c) | canonical_payload.explanation | Reason codes and rationale summary support post-hoc explanation needs. |
| Art. 12(2)(e) | canonical_payload.entity | Subject of the decision is recorded for downstream rights requests. |
| Art. 12 (general) | record_hash + signature | Tamper-evident: any post-hoc modification breaks signature verification. |
Article 12 of the EU AI Act requires high-risk AI systems to keep automatic logs of their operation. This bundle is one piece of an audit-readiness evidence package. It does not constitute legal advice or guarantee compliance — consult qualified counsel for legal determinations.
What this bundle proves
- • The canonical payload was signed by the holder of the published Ed25519 key.
- • The record_hash is a deterministic SHA-256 of the canonical payload (RFC 8785 JCS).
- • Any modification to the payload after signing breaks signature verification.
What it does NOT prove
- • That the underlying AI decision was correct, fair, or legally compliant.
- • That CertifiedData has reviewed the input data, model, or outcome.
- • That this single bundle satisfies a specific regulator's audit on its own — it is one piece of a larger audit-readiness evidence package.
Verify it yourself
Don't trust this page. Run the same check anywhere.
After you download the bundle, re-verify it from the command line. The same crypto round-trip an external auditor would run.
$ curl -sX POST https://certifieddata.io/api/demo/decision/verify \
-H 'content-type: application/json' \
-d @sample-article-12-evidence-bundle.json | jq
{
"ok": true,
"signature_verified": true,
"hash_verified": true,
"key_id": "cd_dl_root_v1",
"algorithm": "Ed25519"
}Or do it fully offline: fetch the public key from /.well-known/decision-signing-keys.json and verify the Ed25519 signature locally with openssl pkeyutl -verify or any equivalent verifier.