Regulator / Compliance Evidence-first governance documentation

Regulator & Compliance Evidence

VerifAIer produces deterministic, hash-verifiable governance evidence for regulatory review, internal audit, and compliance officers. Every receipt is replay-safe: the same inputs always produce the same hash. No VerifAIer access is required to verify the evidence chain.

ADV authoritative_for_wiw = false — VerifAIer provides evidence. Regulators determine compliance outcomes.

Regulator Evidence Bundle Contents

Produced by: vai enterprise export-bundle --bundle-type regulator_review_bundle
Receipt Manifest
Format JSON
Contents All governance receipts in this bundle period
Signed Ed25519
Deterministic YES
TVAM-lite Proof Chain
Format JSON
Contents 12-node hash chain from receipt to bundle
Verifiable Independent
Replay-safe YES
Advisory Statement
Format JSON + Text
Contents authoritative_for_wiw=false declaration, posture summary
Purpose Clarifies advisory scope to regulator

Sample Governance Receipt

Every governance decision produces a deterministic signed receipt
receipt_id vai-pr-20260514-0842-a1c9e5
receipt_hash sha256:e4f7a2b9d1c6e3f0a8b4c7d2e5f1a9b3c6d0e4f7a2b9d1c6e3f0a8b4c7d2e5
signed_by ed25519:globalcorp-signing-key
governance_action BLOCK
findings_count 2
top_rule SHELL_INJECTION_RISK
profile pr-review
scope introduced-only
ref v2.4.0...v2.5.0-rc1
team platform-eng
ai_agent Cursor
timestamp 2026-05-14T08:42:00Z
authoritative_for_wiw false
is_advisory_only true
replay_safe true
Verify: vai ci verify --receipt-file <file>  ·  Same inputs always produce same receipt_hash

TVAM-lite Proof Chain

12-node deterministic hash chain — GlobalCorp 2026-W20
T
e4f7a2
Receipt Hash
T
ed25519
Signing
V
b7d3f2
Vault
V
a1c9e5
Decision
A
b84100
Workflow
A
c7d2e5
Evidence
A
n/a
Federation
M
f1a9b3
Proof
M
c6d0e4
Identity
M
b7d3f2
Workspace
M
a1c9
Token
M
e5b8
Bundle

T=Traceable   V=Verifiable   A=Auditable   M=Machine-readable   | Federation node absent in this enterprise deployment (requires 7N).

Regulator Handoff Workflow

Evidence preparation to delivery
1
Produce signed evidence bundle
vai ci evidence --signed --output-dir regulator-evidence/
2
Export regulator review bundle
vai enterprise export-bundle --bundle-type regulator_review_bundle
3
Record bundle hash for chain of custody
sha256sum regulator-review-bundle-*.zip > bundle-hashes.txt
Regulator can independently verify the hash without VerifAIer installed.
4
Deliver bundle + advisory statement to regulator
# Transfer via secure regulator submission portal or encrypted email
Bundle includes advisory_statement.json confirming authoritative_for_wiw=false.

Governance Invariants — For Regulators

Hard-coded — not configurable
authoritative_for_wiw=false deterministic replay-safe local-first no-external-calls Ed25519-signed air-gap-capable SHA-256 receipts

authoritative_for_wiw=false is a hard-coded non-configurable invariant. VerifAIer Sentinel identifies governance risks and produces advisory evidence. It does not determine compliance outcomes, assign liability, or override human judgment. Regulators use VerifAIer evidence as input to their own determinations.

Regulatory Engagement
Questions About the Evidence Chain?

VerifAIer evidence bundles are designed to be self-contained and verifiable without VerifAIer access. Full technical documentation available on request.