The Flight Recorder for AI
Aircraft have flight data recorders. Nuclear plants have detailed monitoring systems.
But AI systems making millions of decisions per second? Almost none have tamper-proof records.
VAP solves this problem.
"Encoding Trust in the AI Age"
Maintained by VeritasChain Standards Organization (VSO)
The regulatory landscape and incident trends demand a new approach
Tamper Detection
Hash chain + Merkle tree
Causal Traceability
Input → Decision → Outcome
Legal Evidence
Cryptographic proof
A cross-domain meta-framework for cryptographically verifiable AI decision provenance
VAP (Verifiable AI Provenance Framework) specifies the requirements for cryptographically verifiable decision provenance common to all high-risk AI systems — a cross-domain meta-framework.
VAP is NOT "regulation that stops AI."
VAP IS "provenance infrastructure that enables AI to continue operating safely."
VAP is NOT an implementation specification.
Actual implementations are domain-specific profiles: VCP (Finance), MAP (Medical), DVP (Automotive), EIP (Energy), PAP (Public Policy)
VAP defines "the minimum conditions that must be met."
Think of VAP as the "interface contract" — domain profiles are the "implementations."
VAP targets domains where: "When it fails, people or society seriously die or collapse."
Systems where failures cause irreversible damage to human life, social infrastructure, or democratic institutions.
Five high-risk domains where AI decision transparency is not optional — it's existential
VeritasChain Protocol
Algorithmic trading audit trails, HFT systems, AI-driven trading strategies
Medical AI Protocol
AI diagnostic systems, imaging analysis, treatment recommendations
Driving Vehicle Protocol
Autonomous driving (L3-5), ADAS, aviation AI, drone control
Energy Infrastructure Protocol
Smart grid AI, power network management, critical infrastructure
Public Administration Protocol
Credit scoring, welfare decisions, immigration AI, hiring algorithms
In these 5 domains, AI transparency and traceability is not "nice to have" — it's "civilization cannot function without it."
VAP / VSO / Domain Profiles — A three-layer standardization structure
Conceptual Meta-Framework
Defines the minimum requirements common to all domains — the abstract layer for AI decision provenance
defines & maintains
Standards Body
The organization that develops, maintains, and certifies VAP — ensures consistency across profiles
publishes profiles
Domain-specific protocol implementations
Four core layers that make AI decisions cryptographically verifiable
Integrity Layer
Decision Origins
Time Consistency
Future-Proofing
All VAP domain profiles (VCP, MAP, DVP, EIP, PAP) share a common cryptographic foundation
One Core, Many Profiles — Domain profiles extend VAP but never replace the Shared Assurance Core.
JCS (RFC 8785) — Deterministic JSON serialization for consistent hashing across implementations.
UUIDv7 — Time-ordered unique identifiers enabling temporal ordering and global uniqueness.
SHA-256 / SHA-3 — Cryptographic linking of events for tamper detection and integrity verification.
Merkle Trees — Efficient batch verification and external anchoring to TSA or blockchain.
Ed25519 + Dilithium — Current and post-quantum signature algorithms with defined key lifecycle.
Standardized Verify Procedure — Defined proof structure and verification algorithm for cross-domain interoperability.
All profiles inherit and implement the Shared Assurance Core
Explanation ≠ Verification — Understanding the fundamental difference
| Aspect | Explainable AI (XAI) | Verifiable AI (VAP) |
|---|---|---|
| Question Answered | Why was this decision made? | Can we prove this decision actually happened? |
| Output Type | Post-hoc interpretation | Cryptographic evidence |
| Tamper Resistance | None | Hash chain detection |
| Analogy | "Let me explain with a PowerPoint" | "Here's the black box data" |
| Legal Standing | May be challenged | Cryptographic proof |
XAI answers "Why?" — VAP answers "Did it really happen, and can you prove it?"
VAP is designed to meet current and emerging international regulations
Automatic logging for high-risk AI
Algorithmic trading recording requirements
Data protection & right to erasure (Crypto-shredding)
Consolidated Audit Trail
Critical infrastructure security
Medical AI device guidance
Path toward international recognition and adoption
Initial draft submission to Internet Engineering Task Force
Engagement with ISO Technical Committee for financial services standardization
Harmonization with international AI standards committee
Potential IEEE standardization track
VSO is an international standards body for AI decision provenance
VSO is positioned like W3C, IETF, IEEE, or FIX Protocol — defining rules for the public good, not selling certifications.
Like IETF for Internet protocols or W3C for Web standards,
VSO provides the rules — not the business.
Join the movement to establish cryptographic trust infrastructure for AI systems
"Aircraft have flight recorders. AI needs one too."
— VeritasChain Standards Organization
VAP Framework Specification is licensed under CC BY 4.0 International