Skip to Content
Governance & ComplianceEU AI ActEvidence Packaging Walkthrough

Evidence Packaging Walkthrough

This walkthrough explains how to assemble an EU AI Act documentation package using the evidence artifacts VeriProof actually exposes today. The current product does not generate a one-click Article 9/10/11/13/17 package. Instead, you build that package from session evidence, application exports, blockchain integrity artifacts, and your own system documentation.

This workflow assumes you already capture production sessions with VeriProof. If not, start with Getting Started and the Compliance Evidence guide.

Before You Begin

Gather the non-VeriProof materials that Article 11 and Annex IV still require from you:

  • System description and intended purpose
  • Architecture and deployment documentation
  • Change-management and incident-management records
  • Responsible-person and quality-management documentation

VeriProof contributes the tamper-evident production evidence layer. It does not replace the rest of your technical documentation pack.

Step-by-Step Walkthrough

Verify session capture completeness

Before exporting anything, confirm that the relevant application has continuous session capture across the period you want to defend. Use the application dashboard and compliance workspace to spot gaps, anomalies, or missing environments.

Pull representative session evidence

Download evidence for the decision sessions you expect to cite in your package:

  • GET /v1/sessions/{id}/evidence?format=json for machine-readable evidence
  • GET /v1/sessions/{id}/evidence-pack for human-readable PDF evidence packs
  • GET /v1/sessions/{id}/export/csv for structured spreadsheet review

Use these exports for the specific decisions, incidents, or sample records you plan to reference in the package.

Export broader application evidence when needed

If you need a wider sample across one or more applications, use the bulk application export:

POST /v1/applications/evidence/bulk-export
Cookie: veriproof_customer_token=...
Content-Type: application/json
 
{
  "applicationIds": ["11111111-1111-1111-1111-111111111111"]
}

This gives you a ZIP artifact for a broader evidentiary sample than a single session export.

Add integrity artifacts

From the Compliance workspace, download the Blockchain Audit Certificate when you need an integrity proof alongside the session or application evidence. Include it anywhere you want to show that the exported records were not altered after capture.

Add privacy or auditor-specific evidence when relevant

If the package is tied to a data subject or external review process, use the current portal exports rather than a generic framework export flow:

  • GDPR subject evidence pack PDF or ZIP
  • Auditor evidence ZIP

Assemble the final EU AI Act package

Combine the VeriProof artifacts with your own technical documentation into a single review set. In practice, most teams structure the package like this:

  • System and deployment documentation from your engineering team
  • Risk-management and quality-management documents from your governance process
  • VeriProof session evidence, bulk evidence ZIPs, and blockchain certificate
  • Incident or remediation notes from your operating process

That gives you a real, defensible package for Article 11 and related obligations without pretending the product already ships a regulator-ready framework wizard.

Incident-Focused Package Assembly

For a serious-incident or regulator-response package:

  1. Identify the exact sessions involved in the incident window.
  2. Export the relevant session evidence JSON/PDF artifacts.
  3. Add a bulk application ZIP if you need surrounding context.
  4. Attach the blockchain audit certificate.
  5. Add your root-cause analysis, corrective actions, and external communications.

Next Steps

Last updated on
Article 17 — Quality ManagementOverview