The open specification for cryptographically signed, tamper-proof audit records of AI decisions. W3C-compatible, RFC-style, standards-based.
AI Decision Credentials (ADC) is an open standard for creating cryptographically signed, tamper-proof receipts of AI decisions. Every decision is hashed, signed with dual cryptographic keys, timestamped by a trusted authority, and optionally anchored to Bitcoin for permanent auditability.
Regulators across the EU AI Act, GDPR, NIST AI RMF, and 14+ frameworks now require "documented governance with verifiable records." ADC solves the verification problem: every AI decision can be proven authentic, unmodified, and timestamped.
ADC uses only established standards: W3C Verifiable Credentials for format, RFC 3161 for timestamping, Ed25519 + ML-DSA-65 for dual signatures, and optionally Bitcoin for anchoring. No proprietary black boxes.
Complete field reference for ADC v2.4.0. All receipts MUST include core fields. Compliance fields MUST be populated when applicable. Optional fields MAY be omitted if not applicable to the decision context.
| Field Name | Type | Description | Example |
|---|---|---|---|
| schema_version | string | ADC specification version (SemVer) | "2.4.0" |
| receipt_id | string (UUID4) | Globally unique receipt identifier | "550e8400-e29b-41d4-a716-446655440000" |
| timestamp | string (ISO 8601) | UTC creation timestamp | "2025-04-11T14:32:45Z" |
| entry_hash | string (hex SHA256) | Cryptographic hash of receipt content (canonical JSON, excludes signatures) | "a1b2c3d4e5f6..." |
| prev_hash | string (hex SHA256) | Hash of previous receipt (forms cryptographic chain; "0"*64 for genesis) | "z8y7x6w5v4u3..." |
| sequence_no | integer | Monotonically increasing counter per audit stream (0 for genesis) | 1024 |
| Field Name | Type | Description | Example |
|---|---|---|---|
| prompt_hash | string (hex SHA256) | SHA256 hash of prompt text (preserves input integrity without storing text) | "f1e2d3c4b5a6..." |
| response_hash | string (hex SHA256) | SHA256 hash of model output (proves decision output) | "d9c8b7a6f5e4..." |
| model | string | Model identifier (e.g., anthropic model ID) | "claude-3-opus-20250219" |
| provider | string | AI provider name | "anthropic" |
| tokens_in | integer | Input tokens consumed by model | 1234 |
| tokens_out | integer | Output tokens generated by model | 567 |
| Field Name | Type | Requirement | Description |
|---|---|---|---|
| decision_type | string | REQUIRED | Classification of decision (hiring, lending, content_moderation, medical_diagnosis, fraud_detection, etc.) |
| vertical | string | REQUIRED | Industry vertical (hiring, finance, healthcare, government, etc.) |
| ai_score | number (0.0-1.0) | OPTIONAL | Model confidence score for the decision |
| ai_threshold | number (0.0-1.0) | OPTIONAL | Decision threshold used (e.g., approve if score > 0.7) |
| recruiter_action | string | OPTIONAL | Human action taken following AI decision (approved, rejected, escalated) |
| human_review_state | string | OPTIONAL | Review status (pending, reviewed, approved, rejected) |
| reviewer_id | string | OPTIONAL | Identifier of human reviewer (pseudonymized for privacy) |
| override_reason | string | OPTIONAL | Justification if human overrode AI decision |
| sdk_version | string (SemVer) | OPTIONAL | Version of Veratum SDK or compatible library used |
| metadata | object | OPTIONAL | Custom key-value pairs for domain-specific context |
| Field Name | Type | Signing Standard | Description |
|---|---|---|---|
| signature_ed25519 | string (hex Ed25519 sig) | RFC 8032 | NIST-approved EdDSA signature using Curve25519 (primary signature) |
| signature_ml_dsa_65 | string (hex ML-DSA-65 sig) | FIPS 204 | Post-quantum hybrid signature using ML-DSA-65 (quantum-resistant) |
| signature_public_key | string (hex public key) | RFC 8032 | Public key corresponding to Ed25519 signature (allows third-party verification) |
| rfc3161_timestamp | string (ASN.1 DER hex) | RFC 3161 (eIDAS) | Digitally signed timestamp proof from trusted timestamping authority |
| timestamp_authority | string (URI) | eIDAS qualified TSA | RFC 3161 timestamp authority endpoint used (e.g., Universign, Digicert) |
| Field Name | Type | Standard | Description |
|---|---|---|---|
| bitcoin_tx_hash | string (hex Bitcoin txid) | BIP 141 | Bitcoin transaction hash that commits this receipt (adds permanent, immutable proof of existence) |
| bitcoin_block_height | integer | BIP 141 | Block height in which transaction was confirmed (provides temporal proof) |
| bitcoin_confirmed_at | string (ISO 8601) | BIP 141 | UTC timestamp when transaction was confirmed (at least 1 confirmation required) |
| merkle_proof | array of strings | BIP 141 | Merkle tree path proving receipt_hash is in the transaction (enables light verification) |
All ADC receipts MUST be signed with both Ed25519 and ML-DSA-65. This hybrid approach provides immediate regulatory credibility (NIST-approved Ed25519) plus post-quantum assurance (quantum-resistant ML-DSA-65).
Standard: RFC 8032 (NIST EdDSA)
The immediate signature provided at receipt time. Uses Curve25519 elliptic curve for fast verification and regulatory acceptance across EU, US, and international audits.
Key size: 32 bytes (private), 32 bytes (public)
Signature size: 64 bytes
Standard: FIPS 204 (NIST PQC)
Post-quantum resistant signature using lattice-based cryptography. Protects against future quantum computer attacks, required by NIST as of 2024 for hybrid approaches.
Key size: 2528 bytes (private), 1312 bytes (public)
Signature size: 3309 bytes
Serialize receipt as canonical JSON (RFC 8785): sorted keys, no whitespace, no unicode escaping. Exclude signature fields from the payload.
Hash canonical JSON with SHA256. This hash is stored in the entry_hash field and used as the input to both signature algorithms.
Sign the entry_hash with the private Ed25519 key. Output: 64-byte signature stored as hex in signature_ed25519.
Sign the same entry_hash with the private ML-DSA-65 key. Output: 3309-byte signature stored as hex in signature_ml_dsa_65.
Request timestamp from qualified TSA (eIDAS). Sends entry_hash to authority (e.g., Universign, Digicert). Receive ASN.1 DER-encoded timestamp token, store in rfc3161_timestamp.
If enabled, create Bitcoin transaction containing receipt_id hash. Wait for confirmation (at least 1 block). Store bitcoin_tx_hash, bitcoin_block_height, bitcoin_confirmed_at, and Merkle proof.
Timestamps MUST be obtained from an RFC 3161-compliant Qualified Timestamping Authority (QTSa) recognized under eIDAS Regulation (EU 910/2014). This ensures legal recognition across EU member states and auditor acceptance globally.
RFC 3161 is the international standard for digitally signed, independently verifiable timestamps. Unlike internal server timestamps, RFC 3161 provides legal proof of when a decision was made.
Recognized by: EU AI Act, GDPR Article 5, NIST RMF, SEC Rule 17a-4.
Use only Qualified Timestamping Authorities (QTSa) listed in the LOTL (List of Trusted Lists) under eIDAS.
Recommended providers: Universign, Digicert, SwissSign, Globalsign (all eIDAS-qualified).
Download the List of Trusted Lists (LOTL) from https://ec.europa.eu/tools/lotl/eu-lotl.xml. This contains all eIDAS-qualified TSAs.
Decode the ASN.1 DER token. Extract the TSA's signing certificate from the SignerInfo field.
Validate TSA certificate against LOTL. Confirm the certificate is still valid (not revoked or expired).
Cryptographically verify the token's signature using the TSA's public key.
Extract the hashed message value from the timestamp token. Verify it matches the receipt's entry_hash.
Complete step-by-step procedure to cryptographically verify that an AI Decision Credential is authentic, unmodified, and properly timestamped. No Veratum infrastructure required — use only open standards.
Receive the ADC receipt as JSON. It MUST contain all required fields: receipt_id, entry_hash, signature_ed25519, signature_ml_dsa_65, rfc3161_timestamp.
Create a copy of the receipt. Remove all signature fields (signature_ed25519, signature_ml_dsa_65, rfc3161_timestamp, bitcoin_*). This is the "canonical payload."
Encode canonical payload as JSON with sorted keys, no whitespace (RFC 8785). Example: {"ai_score":0.95,"decision_type":"hiring",...}
Hash canonical JSON with SHA256. The result MUST match the receipt's entry_hash field. If not, receipt has been modified.
Use the signature_public_key field to verify the Ed25519 signature against the computed entry_hash. Use any RFC 8032-compliant library.
Verify the ML-DSA-65 signature using the receipt's ML-DSA public key. Requires FIPS 204 library (e.g., liboqs, cryptography 42.0+).
Decode rfc3161_timestamp (hex to ASN.1 DER). Verify TSA signature, certificate chain (against LOTL), and that the hashed value matches entry_hash.
If verifying multiple receipts from same audit stream: for receipt N, confirm prev_hash equals receipt [N-1]'s entry_hash. Confirms no receipts were inserted, deleted, or reordered.
Query Bitcoin blockchain using bitcoin_tx_hash. Verify Merkle proof that receipt_id hash is included. Confirms permanent, immutable proof of existence.
Optional feature that commits AI Decision Credentials to the Bitcoin blockchain. Provides permanent, immutable proof of decision existence and cannot be modified retroactively without changing the entire blockchain (economically infeasible).
Once committed to Bitcoin, a receipt cannot be modified. Changing even one bit would require recalculating all subsequent Bitcoin blocks (requires more computing power than humanity has).
Unlike centralized databases, Bitcoin is run by thousands of nodes globally. No single authority can delete or modify anchored receipts.
Hash the receipt_id (UUID) with SHA256 twice (Bitcoin standard for addresses). Result: bitcoin_commitment.
Create transaction with OP_RETURN output containing bitcoin_commitment. OP_RETURN writes arbitrary data (up to 80 bytes) to blockchain.
Broadcast transaction to Bitcoin mempool. Transaction will be included in next block (average 10 minutes).
ADC requires at least 1 confirmation (receipt in a block plus one more block mined). At that point, modification probability is effectively zero.
After confirmation, compute Merkle path from receipt to block header. Store in merkle_proof field. Allows lightweight verification using only block headers (SPV).
How AI Decision Credentials satisfy key regulatory frameworks and standards. ADC is designed to be framework-agnostic — the same receipt satisfies all requirements below.
| Framework | Requirement | ADC Satisfies Via |
|---|---|---|
| EU AI Act | "Documented governance with verifiable records of decisions" | RFC 3161 timestamp + dual signatures prove authenticity |
| GDPR | "Integrity and confidentiality of processing" | Ed25519 + ML-DSA-65 dual signatures + chain integrity verification |
| NIST RMF | "Documented, auditable AI governance" | W3C VC format + cryptographic proof of decision authenticity |
| ISO 42001 | "Protected, retrievable, auditable records" | RFC 3161 + Bitcoin anchoring (permanent, immutable) |
| SEC 17a-4 | "Immutable, tamper-evident records" | Bitcoin anchoring provides cryptographic proof of immutability |
| FINRA 4370 | "Complete audit trail of algorithmic decisions" | Chain linking (prev_hash) + prompt_hash + response_hash |
| HIPAA | "Audit controls and access logs" | RFC 3161 timestamp + signature verification enables audit proof |