Compliance Evidence Export

When a regulator, auditor, or compliance reviewer requests proof that your AI system made a specific decision — and that the record has not been altered — you export a compliance evidence package. This package includes the session record, its Merkle proof, and the on-chain anchor, all in a format the reviewer can independently verify.

What a compliance evidence package contains

Component	Contents	Purpose
Session record	Trace data, decision context, governance events, outcome	The readable description of what the AI did
Merkle proof	Leaf hash, path, and root	Proves the record was included in a specific batch
Anchor record	Transaction ID, block number, timestamp, tree address	Proves the batch root was written to a public blockchain at a specific time
Verification report	Computed hash, expected hash, pass/fail	Pre-computed audit summary for non-technical reviewers

The package is tamper-evident: if any field in the session record has been modified since anchoring, the hash comparison in the verification report will fail.

Exporting from the Customer Portal

Find the session

Navigate to Decisions or AI Sessions and locate the session you need to export. Use the search and filter controls to narrow by date range, application, or session ID if you know it.

Open the session detail

Click the session row. The detail panel shows the full session record, governance annotations, and blockchain anchor status.

Sessions that are still pending anchoring show a status of Anchoring in progress. If you need to export a legally defensible package, wait until the status shows Anchored (typically within 30 seconds to 2 minutes of ingest).

Export the package

Click Export Evidence in the session detail panel. Select your preferred format:

Format	Best for
JSON Bundle	Machine-readable verification, developer review
PDF Report	Non-technical auditors, regulator submissions
Both	Complete package with both representations

Click Download to receive the export file.

Compliance workspace exports

For audit hand-offs from the Compliance workspace:

Open Compliance in the left sidebar.
Select the Evidence Exports tab.
Choose either a GDPR Data Subject or an Auditor Access Link.
Use Download Evidence Pack (PDF), Export as ZIP, or Export Auditor Evidence (ZIP) depending on the package you need.

Programmatic export via API

Export a single session’s evidence bundle from the Customer Portal API:

Python


import httpx
 
# Authenticate with your portal session token or customer API key
headers = {
    "Authorization": "Bearer your-portal-jwt",
    "X-API-Key": "your-secondary-api-key",
}
 
# Export JSON bundle for a specific session
response = httpx.get(
  "https://my.veriproof.app/v1/sessions/loan_0042/evidence",
    params={"format": "json"},
    headers=headers,
)
evidence = response.json()
 
# Save to disk
with open("evidence_loan_0042.json", "w") as f:
    import json
    json.dump(evidence, f, indent=2)

TypeScript


const response = await fetch(
  'https://my.veriproof.app/v1/sessions/loan_0042/evidence?format=json',
  {
    headers: {
      'Authorization': 'Bearer your-portal-jwt',
      'X-API-Key': 'your-secondary-api-key',
    },
  }
);
 
const evidence = await response.json();

curl


curl -s \
  -H "Authorization: Bearer your-portal-jwt" \
  -H "X-API-Key: your-secondary-api-key" \
  "https://my.veriproof.app/v1/sessions/loan_0042/evidence?format=json" \
  | jq '.'

Verifying the evidence independently

Reviewers who want to independently verify the package (without relying on VeriProof) can check three things:

Step 1 — Recompute the session hash


from veriproof import compute_merkle_root_hex
 
with open("evidence_loan_0042.json") as f:
    evidence = json.load(f)
 
# Recompute from the raw session record
session_record = evidence["session_record"]
computed_leaf_hash = compute_merkle_root_hex([session_record])
expected_leaf_hash = evidence["merkle_proof"]["leaf_hash"]
 
assert computed_leaf_hash == expected_leaf_hash, "Session record was tampered"
print("Session hash matches:", computed_leaf_hash)

Step 2 — Verify the Merkle proof


from veriproof import verify_proof
 
proof_valid = verify_proof(
    leaf_hash=evidence["merkle_proof"]["leaf_hash"],
    proof_path=evidence["merkle_proof"]["path"],
    root=evidence["merkle_proof"]["root"],
)
assert proof_valid, "Merkle proof invalid: session not in this batch"
print("Merkle proof valid")

Step 3 — Confirm the root on-chain

Look up the Solana transaction ID from evidence["anchor"]["transaction_id"] on Solana Explorer or the Solana FM block explorer . The transaction data contains the Merkle root hash. Confirm it matches evidence["merkle_proof"]["root"].

The PDF report includes a pre-computed verification summary that non-technical reviewers can present to auditors without running code. The PDF also includes a QR code linking to the Solana transaction.

Retention and availability

Plan	Evidence availability
Starter	2 years
Growth	7 years
Enterprise	Configurable, up to indefinite (self-hosted storage option)

On-chain anchors on Solana are permanent and publicly accessible from the transaction ID regardless of your VeriProof plan or subscription status.

Regulatory format notes

EU AI Act / GDPR: The JSON bundle contains the required transparency fields (model identity, decision basis, human oversight type) as defined in the governance annotation vocabulary.

US financial regulators (OCC, CFPB model risk): The PDF report is formatted to satisfy the documentation requirements in SR 11-7. Include the PDF and the JSON bundle for complete audit capability.

ISO 42001 (AI Management Systems): Bulk exports can be generated per audit period and stored in your document management system alongside other ISO 42001 evidence.

Next steps

Blockchain Verification — detailed independent verification walkthrough
Compliance Monitoring — set up ongoing monitoring dashboards
Governance Scoring — understand how governance scores appear in evidence packages