Evidence Layer

Internal component of The Veil

Forensic proof of every AI decision.

The evidence layer of The Veil creates cryptographically signed, tamper-evident records of every AI decision. When regulators, auditors, or customers ask what your AI did and why — you have forensic proof, not logs.

EU AI Act Article 14 enforcement beginsAugust 2, 2026

The Provenance Gap

What auditors see today

  • Application logs that can be altered after the fact
  • No cryptographic integrity — anyone with DB access can edit
  • Timestamps from your own servers, not independently verifiable
  • No chain linking — records can be deleted without trace

What the evidence layer provides

  • Ed25519-signed decision envelopes — tamper-evident by design
  • SHA-256 hash chain — each record links to the previous one
  • RFC 3161 timestamps from independent authorities
  • Optional Sigstore Rekor publication — public, append-only proof

How It Works

01

Decision Event

Your Application

Your AI call — whether a direct API request, an agent workflow, or a custom pipeline — is routed through The Veil gateway. The gateway captures what was decided, inputs considered, model used, confidence score.

02

Cryptographic Signing

The Veil Gateway

The Veil gateway signs the record with Ed25519. Each record chains to the previous one via SHA-256 hash chain.

03

Independent Timestamp

External TSA

An RFC 3161 Timestamp Authority co-signs with a qualified timestamp. The record is now provably dated by a third party.

04

Transparency Log

Rekor (Public)

Optionally published to Sigstore Rekor — a public, append-only transparency log. Anyone can verify the record existed at that time.

Automatically Engaged

No customer-installed package. The evidence layer is part of The Veil — every request that passes through the gateway is signed, chained, timestamped, and optionally published, without any code change on your side. When you adopt The Veil, you get evidence for free.

  • No SDK to install, no imports to wire up
  • Engaged by default on every gateway request
  • Records are retrievable via The Veil control surface
  • Export any decision as a signed PDF certificate

What You Get

Forensic Decision Records

Signed, chained, independently timestamped decision envelopes that hold up under regulatory scrutiny.

EU AI Act Article 14 Ready

Decision records map directly to Article 14 human oversight requirements. Enforcement begins August 2, 2026.

PDF Decision Certificates

Export any decision as a signed PDF certificate. Hand your auditor a document, not a database query.

Hash Chain Integrity

Every record links to the previous via SHA-256. Deleting or altering any record breaks the chain — tampering is immediately detectable.

Internal Component

The evidence layer is part of The Veil, not a separate product. It ships with every Veil engagement at no extra cost and under the same contract.

Compliance Mapping

RegulationRequirementEvidence layer response
EU AI Act Art. 14Human oversight with sufficient recordsSigned decision records with full input/output provenance
EU AI Act Art. 12Automatic logging of AI system operationCryptographic hash chain — append-only, tamper-evident
GDPR Art. 22Meaningful information about automated decisionsDecision records include model, inputs, confidence, reasoning
DORA Art. 11ICT incident logging and reportingIndependent TSA timestamps prove when decisions occurred

Part of The Veil, not a separate product.

The evidence layer is the cryptographic provenance component of The Veil. It ships with every engagement and is scoped alongside the rest of the pipeline — it is not sold or purchased on its own, and there is no self-serve purchase path today.

Combined with the split-knowledge pipeline, you get identity-separated decision provenance — the AI that made the decision never knew who it was about, and you can prove it.

Talk to us about AI decision evidence

Book an Assessment