Compliance Evidence Export

VeriProof exposes several evidence artifacts today, but it does not currently ship a single framework-driven export builder where you choose EU AI Act articles, NIST functions, or arbitrary date ranges and receive a generated regulator package.

This page documents the export surfaces that are actually available in the current portal and API.

Available Today

Artifact	Access path	Format	Best used for
Session governance evidence	`GET /v1/sessions/{id}/evidence?format=json`	JSON	Programmatic review of one decision session
Session evidence pack	`GET /v1/sessions/{id}/evidence-pack`	PDF	Human-readable session dossier for legal, compliance, or audit review
Session structured export	`GET /v1/sessions/{id}/export/csv`	CSV	Spreadsheet or downstream analysis of one session
GDPR subject evidence pack	Compliance workspace or GDPR center	PDF or ZIP	Subject-access and privacy review workflows
Auditor evidence pack	Compliance workspace or auditor access flow	ZIP	Third-party auditor handoff
Blockchain audit certificate	Compliance workspace	PDF	Proof of integrity for regulator or auditor review
Bulk application evidence export	`POST /v1/applications/evidence/bulk-export`	ZIP	Multi-session export for one or more applications

If you need a framework-specific package today, assemble it from these artifacts plus your own system documentation, policies, and incident records. The current product gives you tamper-evident session evidence and audit artifacts; it does not yet generate a complete EU AI Act or NIST package from a single export wizard.

What The Portal Exposes

In the current Compliance workspace, the Evidence Exports panel exposes three concrete flows:

Select a GDPR data subject and download either a PDF evidence pack or a ZIP evidence pack.
Select an auditor access link and export an auditor evidence ZIP.
Download a Blockchain Audit Certificate as a PDF.

These are the export surfaces that match the shipped UI. The portal does not currently present a framework selector, article picker, date-range export builder, or export job queue.

Programmatic Exports

Session governance evidence JSON


GET /v1/sessions/{sessionId}/evidence?format=json
Cookie: veriproof_customer_token=...
Accept: application/json

Use this when you need the evidence model for a single session in a machine-readable form.

Session evidence pack PDF


GET /v1/sessions/{sessionId}/evidence-pack
Cookie: veriproof_customer_token=...
Accept: application/pdf

Use this when you need a human-readable dossier for a single decision session.

Session CSV export


GET /v1/sessions/{sessionId}/export/csv
Cookie: veriproof_customer_token=...
Accept: text/csv

Use this when you need a tabular export of the session and step structure.

Bulk application evidence ZIP


POST /v1/applications/evidence/bulk-export
Cookie: veriproof_customer_token=...
Content-Type: application/json
Accept: application/zip
 
{
  "applicationIds": [
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222"
  ]
}

This builds a ZIP package across one or more applications. The current implementation caps the request size and exports the most recent sessions for each accessible application.

Building A Regulator Or Auditor Package Today

For enterprise diligence, incident response, or framework-specific review, the practical workflow today is:

Pull the session-level evidence JSON or PDF for the exact decision records in scope.
Export GDPR or auditor ZIP artifacts from the portal when the review is person- or auditor-scoped.
Download the blockchain audit certificate when you need an integrity artifact alongside the evidence.
Use the bulk application ZIP when you need a wider sample across applications.
Combine the VeriProof artifacts with your own policy, model, incident, and system documentation.

That workflow is less magical than the fictional one-click framework export, but it is real, defensible, and aligned to the product that currently ships.

Not Yet In This Prerelease Docs Set

The following surfaces are not currently documented as supported because they do not exist in the reviewed implementation:

No client.compliance.export_evidence(...) SDK API
No POST /v1/compliance/export package-generation endpoint
No framework/article/function picker in the current portal export UI
No export polling workflow or export-completed webhook for framework packages

Next Steps

EU AI Act Evidence Walkthrough — assembling an Article 11 package with current artifacts
GDPR Cryptographic Erasure — GDPR-specific privacy evidence
Compliance Evidence guide — practical session-level evidence retrieval