Every AI decision yields a cryptographic signature admissible as evidence
Ed25519 + SHA-256 audit trail, downloadable signed PDF export. Verifiable independently, without us, with your organisation's Ed25519 public key. Admissible as written evidence under French Civil Code art. 1366 — subject to the court's appreciation. Qualified RFC 3161 timestamping via Universign (PSCE ANSSI) available as an option.
Today, your compliance proofs depend on the platform that hosts them
An auditor or judge has to trust the vendor. If the vendor falsifies or disappears, your proofs disappear with them.
CNIL / AI Office inspection
The platform exports a PDF of logs. How does the auditor verify that nothing was modified between the event and the export? They take your word for it — or not. Without a cryptographic proof, it's your word against the regulator's.
AI Act litigation or legal challenge
You need to demonstrate technical good faith: an AI decision was classified, validated, supervised at a given date. Without an independently verifiable cryptographic signature, your logs are attackable as "self-produced evidence" — inadmissible.
Acquisition, due diligence, internal audit
The acquirer or internal auditor must trust your stack blindly. If the platform is falsifiable, they discount the valuation to cover IP/compliance risk. You pay for non-verifiability.
Four cryptographic primitives, one admissible proof
Every compliance event passes through these 4 layers. The result: a proof that a third party verifies without us, without installing ACF®, without calling our support.
SHA-256 hash
Each event (classification, document, validation, escalation) becomes a unique 256-bit fingerprint. Changing a single character changes the entire hash — immediate detection.
Ed25519 signature
Each hash is signed with an Ed25519 private key. Falsifying the signature requires the key — impossible without internal access. Algorithm recommended by ANSSI and most European cybersecurity authorities.
Tamper-proof hash chain
Each event references the hash of the previous one. Modifying an event in the middle of the chain breaks everything after — automatic detection. Same architecture as critical blockchain registries.
Signed PDF export + qualified eIDAS timestamping
Certified PDF export with Ed25519 signature and RFC 3161 timestamping via Universign (PSCE certified ANSSI, eIDAS Regulation art. 42) available as an Enterprise option. Open JSON-LD wrapping planned for Q3 2026 for W3C Verifiable Credentials interoperability.
Here's what an exported ACF® proof looks like
Download the sample, take any standard Ed25519 verification tool (libsodium, noble-ed25519, openssl), verify the signature with your organisation's public key. No call to ACF® required.
Signed Ed25519 event excerpt
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://acfstandard.com/contexts/audit-trail/v1"
],
"id": "urn:acf:event:01HXKQ8B2M3PZWV4N6Y9R7S0T2",
"type": ["AuditEvent", "AcfComplianceProof"],
"issuer": "did:web:tenant.acfcompliance.com",
"issuanceDate": "2026-06-06T08:42:17.341Z",
"credentialSubject": {
"eventType": "ai_decision.classification",
"systemId": "ais_92f4...",
"decision": "high_risk_aiact_annex_iii",
"operator": "user_42",
"humanOversight": "validated"
},
"previousHash": "8a1f4e...c3b2",
"eventHash": "f3c8b1...e09d",
"proof": {
"type": "Ed25519Signature2020",
"created": "2026-06-06T08:42:17.342Z",
"verificationMethod": "did:web:tenant.acfcompliance.com#key-1",
"proofPurpose": "assertionMethod",
"proofValue": "z3Mv...Qf8a"
}
}How to verify the signature
- 1
Download the signed PDF proof bundle from your ACF® dashboard
- 2
Retrieve your tenant's Ed25519 public key (rotated, journaled)
- 3
Run your verification tool: libsodium, noble-ed25519, openssl, or any RFC 8032-compliant Ed25519 tool
- 4
Verify each signature in the chain — if a single one fails, the audit trail is compromised and the report flags it automatically
Interactive demo coming soon — meanwhile, contact us for a 30-min technical walkthrough.
When a verifiable audit trail changes everything
CNIL / AI Office audit
Scenario
The regulator requests the complete history of AI decisions on your high-risk system over 12 months.
ACF® solution
You export the signed PDF bundle. The auditor verifies chain integrity with their own Ed25519 tool — without calling us, without installing ACF®. The cryptographic signature demonstrates that nothing was modified post-event.
AI Act litigation
Scenario
A user contests an AI decision made by your agent. The court demands technical proof of your good faith (human oversight, classification, validation).
ACF® solution
Your Ed25519-signed audit trail is admissible as written evidence (French Civil Code art. 1366), subject to the court's appreciation. Qualified RFC 3161 timestamping via Universign (PSCE ANSSI) available as an option — you document the complete chain, dated, signed, verifiable. The opposing counsel must prove cryptographic falsification — practically impossible.
Acquisition due diligence / certification
Scenario
An acquirer or ISO 42001 certification body wants to verify the integrity of your compliance history over the last 3 years.
ACF® solution
You transmit the exported bundle. Their technical team verifies the signature and chain autonomously. Third-party verifiability justifies a premium valuation and an accelerated due diligence cycle.
Why no other GRC offers this
Product audit of the top 5 European and US AI / GDPR compliance SaaS (May 2026). Without naming vendors publicly.
| Criterion | ACF Compliance | US compliance leaders | French GDPR specialists | Consulting + Excel |
|---|---|---|---|---|
| Centralized audit trail | ||||
| Cryptographic event signatures | Ed25519 | |||
| Verifiable without the platform | ||||
| Qualified eIDAS RFC 3161 timestamping | ||||
| Tamper-proof hash chain |
A primitive of the ACF® standard
This mechanism implements the ACF® (Agentic Commerce Framework®) layer 4 — admissible technical proof. You can consult the open standard at acfstandard.com.
See how ACF® works for your use case
Free 3-minute diagnostic or a 30-min guided demo — we show you your future signed audit trail on your own AI systems.