Open Protocol · IETF SCITT Track · Live
EU AI Act Article 50 enforcement begins August 2, 2026. LedgerProof is the open cryptographic protocol that produces verifiable receipts for every AI-touched interaction — Foundation-stewarded, anchored to Bitcoin, verifiable offline by any auditor, regulator, or you.
The Protocol
01 Emit
Five-minute SDK install (Python or TypeScript). Each receipt includes the model identifier, prompt and response hashes, timestamp, and deployer context. No PII required — the schema rejects email-shaped values in policy-protected fields at parse time.
02 Anchor
Receipts aggregate into a Merkle tree at the operator side. The tree root anchors to Bitcoin mainnet via OP_RETURN on a configurable cadence (default 60 minutes; configurable down to 10 for high-volume deployers). The anchor is permanent.
03 Verify
Auditors, regulators, or you can verify a receipt offline: Bitcoin chain + published protocol public key + the receipt itself. No call to LedgerProof servers required. Reference verifier is open source and runs in any browser.
Verification is structurally independent of LedgerProof. If we disappear tomorrow, every receipt ever issued remains verifiable.
The Compliance Spectrum
Every other solution category has a structural reason it cannot fill the full Article 50 spectrum — vendor conflict of interest, wrong granularity, wrong substrate, or no compliance schema at all. LedgerProof's protocol-and-Foundation architecture is the only design that satisfies all twelve buyer requirements simultaneously. The reasons are architectural, not effort-based; competitors cannot close the gap without dismantling their existing business model.
| Buyer requirement | Vanta / Drata / OneTrust |
AWS / Azure / GCP compliance tooling |
Microsoft Purview + Conf. Computing |
OpenTimestamps (closest open primitive) |
Ethereum attestation svcs (EAS, etc.) |
Build-it-yourself internal compliance |
LedgerProof / OCPP-AI v1.0 |
|---|---|---|---|---|---|---|---|
| Article 50 sub-obligation coverage | |||||||
| 50(1) chatbot disclosure receipts | ⚠ | ✗ | ⚠ | ✗ | ⚠ | ✗ | ✓ |
| 50(2) AI-output disclosure receipts | ⚠ | ✗ | ⚠ | ✗ | ⚠ | ✗ | ✓ |
| 50(4) deepfake provenance receipts | ✗ | ✗ | ✗ | ✗ | ⚠ | ✗ | ✓ |
| 50(5) GPAI / synthetic-output markings | ⚠ | ⚠ | ⚠ | ✗ | ⚠ | ✗ | ✓ |
| 50(6) public-interest accuracy reporting | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Architectural and evidentiary requirements | |||||||
| Independently verifiable (no vendor required) | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✓ |
| Tamper-evident, public-chain finality | ✗ | ✗ | ⚠ | ✓ | ⚠ | ✗ | ✓ |
| Regulator-grade evidence (holds in EU court) | ✗ | ✗ | ✗ | ⚠ | ✗ | ✗ | ✓ |
| Open specification, no vendor lock-in | ✗ | ✗ | ✗ | ✓ | ✓ | N/A | ✓ |
| Bitcoin-anchored (not Ethereum, not vendor DB) | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✓ |
| EU-jurisdiction sovereignty (EBSI dual-anchor) | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Per-transaction granularity (not batched reports) | ✗ | ✗ | ✗ | ✓ | ✓ | ⚠ | ✓ |
| Why this category structurally cannot close the gap | SaaS data lock-in IS their moat. Cryptographic immutability dismantles their own switching-cost story. | Sell AI services to the regulated parties. Irreconcilable conflict of interest. EU regulators will not accept vendor-as-judge. | Same conflict of interest as hyperscalers. Attestations chain to MS hardware root, not neutral substrate. | A low-level timestamping primitive only. No schema, no signing, no Article 50 profile, no enterprise SLA, no governance. | Wrong substrate. Smart-contract risk, MEV, validator centralization make Ethereum un-defensible as regulatory evidence in EU. | Internal databases create circular trust. Article 50 requires independent verifiability that an internal system definitionally cannot provide. | Foundation-stewarded protocol + LedgerProof Inc. for managed services. Foundation neutrality removes vendor conflict. Bitcoin substrate provides regulatory-grade finality. Open spec removes lock-in. |
Legend. ✓ Full coverage · ⚠ Partial · ✗ No coverage · N/A Not applicable. LedgerProof is the only column with full mint coverage across all twelve requirements.
August 2, 2026
EU AI Act Article 50 obligates deployers of GPAI systems to make AI-touched interactions transparent to regulators and to the natural persons interacting with the system. Enforcement begins Tuesday August 2, 2026.
The obligation is real. The evidence format is not yet specified. Today's compliance answer is logs in a CloudWatch bucket or a vendor PDF that the regulator cannot independently verify. After August 2, that answer needs to be cryptographic, machine-readable, and auditable in seconds.
LedgerProof is the protocol that produces that evidence. It is open. It is permissionless. It is Bitcoin-anchored. It is offline-verifiable. We do not offer presumption of conformity — that flows through CEN-CENELEC harmonized standards under Article 40, a separate process we participate in via DIN SME membership and CEN-CENELEC JTC 21. What we offer is the cryptographic evidence trail a competent authority can re-verify from public sources.
Structure
Public-interest protocol steward
Commercial operator
The protocol's permissionless openness limits the operator's monopoly economics. That's by design.
Deployers
Open
draft-dawkins-scitt-ai-article50-00 published on Datatracker. Working group adoption in progress; CEN-CENELEC JTC 21 New Work Item Proposal in preparation.
Python (pip install ledgerproof), TypeScript (npm install @ledgerproof/sdk), Rust. Apache 2.0 license. Receipts produced and verified offline.
NCC Group, Trail of Bits, and Cure53 engagements opening week of June 8, 2026. Combined audit memo publishes August 31 at security.ledgerproofhq.io.
"The compliance regimes that produce real public benefit are open ones. The protocol that proves AI compliance to regulators, customers, and auditors should be open, permissionless, and free of single-vendor capture. That's the protocol we're building. If you're a deployer who needs Article 50 evidence by August 2, an engineer who wants to read the spec, or a regulator who wants to verify a receipt for yourself — you're welcome here."
— Veronica S. Dawkins, Founder