Verifiable AI Provenance – Assessment Test
A measurement-based assessment program that scores AI systems on
Auditability · Verifiability · Regulatory Readiness
VAP-AT is fundamentally a score-based assessment system. Threshold Designations are an optional interpretive layer to address practical requirements such as procurement and regulatory reporting — they are distinct from Pass/Fail certification. Scores are designed to promote continuous improvement and provide granular information to markets and regulators.
"Verify, Don't Trust" — Evaluate whether AI system audit trails exist in a mathematically verifiable form.
Unlike traditional certifications, VAP-AT evaluates AI systems themselves — not individual skills
VAP-AT is not a personal skills certification (like CISSP). It evaluates AI systems themselves as the assessment target.
Instead of binary Pass/Fail, VAP-AT provides detailed scores and improvement evidence, enabling continuous trust-building. Threshold Designation is an optional interpretive layer for procurement and regulatory reporting.
Three core properties evaluated across all AI systems
Whether audit trails are tamper-resistant and independently verifiable by third parties.
EU AI Act Art.12/19, MiFID II RTS 25
Whether records are complete with no gaps, and observability, schema, and event granularity are properly established.
SEC 17a-4, GDPR Art.17
Whether evidence is "packaged" and ready for submission to auditors and regulators.
EU AI Act Annex IV
AI model accuracy
Business logic validity
Security vulnerabilities
"Safety guarantees"
VAP-AT evaluates the verifiability and auditability of the decision process, not the correctness or legality of AI decisions.
Three-tier structure: Self → Third-party → Continuous
For low-risk AI: recommendation engines, internal efficiency tools
Status: "Self-Assessment"
For medium-risk AI: HR Tech, financial screening support
Status: "Verified by [CAB Name]"
For high-risk AI: medical diagnosis, autonomous driving, critical infrastructure
Status: "Continuous Monitoring Active"
Valid assessment state. Assessment completed, threshold met, subscription active.
Temporarily suspended. Triggered by falling below threshold, critical log gaps, or fraud detection.
Awaiting review. Triggered by spot-check flags or complaints filed.
Validity period ended or subscription cancelled. Requires new assessment.
Automatic suspension: If scores fall below threshold during Continuous Monitoring, assessed entity is notified within 24 hours. If not remediated within 30 days, status automatically transitions to "Suspended" and Public Registry is updated immediately.
10 criteria × 0–2 points = Maximum 20 points
| # | Criterion | Key Question | Regulatory Mapping |
|---|---|---|---|
| 1 | Third-Party Verifiability | Can external parties independently verify audit trails? | EU AI Act Art.12/19, MiFID II |
| 2 | Tamper Evidence | Can unauthorized modifications be detected? | SEC 17a-4 |
| 3 | Sequence Fixation | Is chronological order immutably recorded? | MiFID II RTS 25 |
| 4 | Decision Provenance | Can decision inputs and rationale be traced? | EU AI Act Art.12 |
| 5 | Responsibility Boundaries | Are approvers and overriders clearly identified? | EU AI Act Art.14 |
| 6 | Documentation Completeness | Is technical documentation complete and current? | EU AI Act Annex IV |
| 7 | Retention & Availability | Is evidence retained and retrievable for required periods? | GDPR, MiFID II |
| 8 | Time Synchronization | Is system time synchronized with trusted sources? | MiFID II RTS 25 |
| 9 | Failure & Recovery Logging | Are system failures and recoveries recorded? | DORA |
| 10 | Right to Erasure Compatibility | Can GDPR erasure be supported while maintaining auditability? | GDPR Art.17 |
Threshold Designations provide convenient labels based on score thresholds, but they are not guarantees of legal compliance.
Important Disclaimer: Threshold Designations are convenience labels within the VAP-AT scheme and do not constitute legal compliance guarantees. "EU AI Act aligned" indicates a VAP-AT score that aligns with the auditability standards required by the relevant articles — it does not certify legal compliance. Legal compliance determinations remain the responsibility of the assessed entity and ultimately depend on regulatory authority interpretation.
VAP-AT Auditability Threshold – EU AI Act Art.12/19 aligned
VAP-AT Auditability Threshold – MiFID II RTS 25 aligned
VAP-AT Baseline Auditability Threshold
Robust auditability demonstrated
Auditable with room for improvement
Significant auditability gaps
Fundamentally insufficient
Structural separation of standards-setting and assessment execution to ensure independence and credibility
UKAS, DAkkS, ANAB, JAB, etc.
Accredit CABs to ISO/IEC 17020/17021/17065. Enable global acceptance through IAF MLA mutual recognition.
VeritasChain Standards Organization
Manages VAP-AT criteria, evidence requirements, terminology, and report specifications. Does not conduct assessments (conflict of interest avoidance).
Technical advisors, regulatory observers
Technical consultation, regulatory trend monitoring, conflict of interest oversight. Includes regulator observer seats.
Conformity Assessment Bodies
Multiple independent CABs conduct VAP-AT and issue Score Reports. Pilot phase includes double review by independent CABs, external-majority Impartiality Committee, VSO spot audits, and conflict-of-interest disclosures.
Tools, training, preparation support
Separated from assessment. Prevents "standards body selling pass" scenario. Provided by VSO commercial subsidiary or accredited partners.
Strong regulatory drivers creating demand for AI auditability solutions
Automatic event logging (Art.12), log retention (Art.19), evidentiary robustness
100μs time sync, annual self-assessment
Electronic records retention requirements
Hiring AI bias audit mandate
RegTech market (2023→2028, 124% growth)
AI Governance market by 2030 (30% CAGR)
B2B SaaS willingness-to-pay for SOC 2-equivalent
FedRAMP-equivalent total cost accepted
Phased rollout from foundation to global scale
2025 Q4
2026 Q1–Q2
Pilot CAB Safeguards Applied
2026 Q3–Q4
2027+
To ensure credibility during the pilot phase where the initial CAB may have organizational ties to VSO, the following enhanced safeguards are mandatory:
Dual Review
All pilot assessment reports undergo independent third-party CAB review
External Majority
Impartiality Committee must have external members as majority
Random Audits
VSO conducts spot audits on 20%+ of pilot CAB reports
Disclosure
CAB-VSO relationship disclosed in writing before assessment
Phase 2 Transition: Pilot CAB solo operations will not continue until at least 2 independent CABs are accredited.
Get ahead of regulatory requirements with VAP-AT. Start with self-assessment or engage directly with our pilot program.
Contact: info@veritaschain.org