AI needs a Flight Recorder
"Verify, Don't Trust"
Website โข Specification โข Profiles โข GitHub
VAP (Verifiable AI Provenance Framework) is the cross-domain meta-framework that defines minimum requirements for cryptographically verifiable AI decision trails.
VAP is NOT a regulation that restricts AI use.
VAP IS an evidence infrastructure standard for safe continued AI operation.
"Encoding Trust in the AI Age"
VAP's scope is deliberately strict: domains where system failures can cause irreversible harm to human life, social infrastructure, or democratic institutions.
VAP defines the "what" (common requirements).
Profiles define the "how" (domain-specific implementations).
| Profile | Domain | Risk Category | Repository | Status |
|---|---|---|---|---|
| VCP | Finance & Trading | Market Stability | veritaschain/vcp-spec | โ v1.1 |
| CAP | Content / Creative | IP Rights, Misinformation | veritaschain/cap-spec | โ v1.0 |
| CPP | Consumer / Media | Evidence Integrity, Misinformation | veritaschain/cpp-spec | โ v1.0 |
| DVP | Automotive | Physical Safety | โ | ๐ Planned |
| MAP | Medical | Patient Safety | โ | ๐ Planned |
| PAP | Public Sector | Democratic Integrity | โ | ๐ Planned |
| EIP | Energy Infrastructure | Critical Infrastructure | โ | ๐ Planned |
| AAP | Aviation | Physical Safety | โ | ๐ Planned |
| โ IS | โ IS NOT |
|---|---|
| Framework specification | SaaS product |
| Profile architecture | Commercial software |
| Assessment programs | Certification authority |
| Open standard | Endorsement of any vendor |
VSO maintains strict vendor neutrality. See VSO Non-Endorsement Policy.
| Resource | Link |
|---|---|
| VCP (Finance Profile) | github.com/veritaschain/vcp-spec |
| CAP (Content Profile) | github.com/veritaschain/cap-spec |
| CPP (Capture Profile) | github.com/veritaschain/cpp-spec |
| Website | veritaschain.org |
| IETF Draft | draft-kamimura-scitt-vcp |
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ
โ VAP (Verifiable AI Provenance Framework) โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ Cross-domain meta-framework โ
โ Defines common minimum requirements โ
โ โ
โ โฒ โ
โ โ defines & maintains โ
โ โ โ
โ VSO (VeritasChain Standards Organization) โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ Standards body maintaining VAP and profiles โ
โ โ
โ โ โ
โ โ publishes profiles โ
โ โผ โ
โ โ
โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ
โ โ VCP โ โ CAP โ โ DVP โ โ MAP โ ... โ
โ โFinance โ โContent/ โ โAutomotiveโ โMedical โ โ
โ โProfile โ โCreative โ โ Profile โ โProfile โ โ
โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ
โ โ
โ Domain-specific protocol implementations โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
All VAP profiles share this common architecture:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Layer 4: Verification Layer โ
โ Merkle Tree / External Anchoring โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Layer 3: Integrity Layer โ
โ Hash Chain / Digital Signatures โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Layer 2: Provenance Layer โ
โ Actor / Input / Context / Action / Outcomeโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Layer 1: Identity Layer โ
โ UUID v7 / Timestamps / Issuer Identity โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
| Primitive | Algorithm | Status |
|---|---|---|
| Hash | SHA-256 | โ Current |
| Signature | Ed25519 | โ Current |
| Merkle Tree | RFC 6962 | โ Current |
| Post-Quantum | DILITHIUM2 | ๐ฎ Future |
An open benchmark program for assessing AI system auditability against VAP requirements.
๐ See programs/vap-at/
Interactive tool for evaluating VAP compliance across different domains.
๐ See scorecard/
VAP is designed to support compliance with emerging AI regulations:
| Regulation | Jurisdiction | Relevance |
|---|---|---|
| EU AI Act | European Union | High-Risk AI Classification (Article 6) |
| MiFID II/III | European Union | Algorithmic Trading (RTS 25) |
| GDPR | European Union | Data Privacy & Crypto-Shredding |
| CAT Rule 613 | United States | Consolidated Audit Trail |
| NIS2 Directive | European Union | Critical Infrastructure |
- Read the Framework Specification:
spec/v1.1/VAP_Framework_Specification.md - Choose Your Domain Profile: See Domain Profiles
- Review Conformance Requirements: Each profile defines its own test suite
- Executive Summary: Overview of VAP's regulatory value proposition
- Mapping Tables: How VAP addresses specific regulatory requirements
- Contact: standards@veritaschain.org
| Body | Document | Status |
|---|---|---|
| IETF SCITT | draft-kamimura-scitt-vcp | Submitted |
| ISO/TC 68 | (Financial Services) | Planned 2026 |
| ISO/IEC JTC 1/SC 42 | (AI) | Planned 2026-2027 |
VAP profiles are designed to be compatible with IETF transparency standards:
- SCITT (Supply Chain Integrity, Transparency, and Trust)
- RATS (Remote ATtestation procedureS)
- COSE (CBOR Object Signing and Encryption)
We welcome contributions from the community. Please see:
- CONTRIBUTING.md - Contribution guidelines
- CODE_OF_CONDUCT.md - Community standards
- SECURITY.md - Security policy
- Issues: Report bugs or suggest features
- Pull Requests: Submit improvements to specifications
- Discussions: Join technical discussions on GitHub
- New Profiles: Propose new domain profiles
This specification is licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).
See LICENSE for details.
VeritasChain Standards Organization (VSO)
| Channel | Contact |
|---|---|
| Website | https://veritaschain.org |
| Email (General) | info@veritaschain.org |
| Email (Standards) | standards@veritaschain.org |
| Email (Technical) | technical@veritaschain.org |
| GitHub | https://github.com/veritaschain |
"Verify, Don't Trust"
VeritasChain Standards Organization