Compliance Monitoring
Compliance monitoring in VeriProof means maintaining a continuous picture of how well your AI applications are governed — not just recording individual decisions, but tracking trends, surfacing patterns, and alerting on degradation before it becomes a compliance incident.
This guide walks through the tools available and how to use them together.
The Compliance Center
The Compliance Center in the Customer Portal is your primary monitoring workspace. It aggregates governance data across all your applications and surfaces the metrics that matter for regulatory compliance.
Overview dashboard
The overview dashboard shows:
- Total sessions ingested over the selected period (default: last 30 days)
- Blockchain anchor status — the percentage of sessions successfully anchored
- Average governance score across all applications
- Alert activity — open and recently resolved alerts
- Session risk distribution — breakdown by MINIMAL / LOW / MEDIUM / HIGH / CRITICAL
- Guardrail activity — sessions with blocked, flagged, or allowed guardrail events
Application-level view
Click any application to drill into its compliance profile:
- Governance score trend (7-day and 30-day rolling averages)
- Decision distribution (approved / denied / deferred / escalated)
- Guardrail failure rate over time
- Sessions requiring manual review
- Compliance evidence export history
Tracking governance score trends
A single governance score on a single session is data. A trend is insight.
The compliance dashboard tracks governance score as a rolling average at the application level. Two views are provided:
7-day view: useful for detecting in-sprint regressions after a model update or prompt change.
30-day view: useful for identifying slow drift that emerges over weeks — for example, a gradual reduction in grounding annotation coverage as engineers stop adding it to new endpoints.
To investigate a score drop:
- Open the application in the Compliance Center.
- Click the score drop point on the trend chart.
- The view filters to sessions from that time window.
- Sort by governance score ascending to see the lowest-scoring sessions first.
- Open individual sessions in Time Machine to identify what annotation patterns are causing the drop.
Governance score baselines and targets
You can set a governance score target per application in the portal:
- Navigate to Applications → [your app] → Governance Settings.
- Set the Target governance score (default: 75).
- Enable Alert on score below target to create an automatic alert rule.
When the application’s rolling average drops below the target for 24 consecutive hours, the alert fires. See Alert Rules for notification configuration.
Continuous anchoring verification
The Compliance Center tracks blockchain anchoring status as an operational metric:
| Status indicator | Meaning |
|---|---|
| ✅ All anchored | All sessions from the period have confirmed on-chain anchors |
| ⏳ Anchoring in progress | Some sessions are in the 30-second anchoring window |
| ⚠️ Anchor backlog | Sessions older than 5 minutes without an anchor; investigate ingest pipeline |
| ❌ Anchor failures | Sessions that failed anchoring; action required |
A healthy production deployment should maintain 100% anchoring success. Any ❌ events are logged with a reason code and available in Compliance Center → Anchor History.
Setting up your monitoring workflow
For EU AI Act compliance
Focus your monitoring on high-risk applications. For each:
- Enable
human_oversight.typeannotation in your SDK integration (see First Integration) - Set a governance score target ≥ 80
- Configure an alert rule for any session with
risk_level = HIGHthat lacks ahuman_oversight.typeannotation - Schedule a monthly bulk evidence export for your audit trail
For US financial services (SR 11-7 / model risk)
- Verify that
decision.confidenceis recorded on all loan/underwriting sessions - Set an alert for
confidence < 0.65 AND risk_level = HIGH - Use the session distribution report (month-end export) for model monitoring documentation
- Confirm blockchain anchoring coverage >99.9% in the Compliance Center
For ISO 42001
- Enable governance score tracking for all AI applications, not just high-risk ones
- Use monthly bulk exports as evidence for your management system document trail
- Track governance score trends as your “AI system performance indicator”
- Use the audit history log (in Settings → Audit Log) to demonstrate traceability of governance events
Compliance reports
The Compliance Center can generate three report formats:
| Report | Content | Best for |
|---|---|---|
| Session summary | Count, risk distribution, governance scores, anchor rates by period | Regulatory reporting, board summaries |
| Application governance | Per-application score trends, alert activity, guardrail rates | CISO / governance team review |
| Evidence audit | Exportable list of all sessions with anchor status and download links | External auditor access |
To generate a report: Compliance Center → Reports → New Report.
Integrating with your GRC tool
If you use a GRC (Governance, Risk, and Compliance) tool, you can push compliance data to it from VeriProof via webhooks or API.
Configure a webhook to receive a notification whenever the daily compliance summary is generated:
- Navigate to Settings → Webhooks.
- Create a webhook with the event type
compliance_summary.daily. - The payload contains aggregate metrics that your GRC receiver can ingest.
For bulk data export to a data lake or SIEM, use the Compliance Evidence Export API to programmatically pull session records on a schedule.
FAQ
How often is the governance score recalculated?
The per-session governance score is calculated once, immediately after ingest. Application-level averages are updated in real time as new sessions arrive.
Can I view compliance data for a specific date range in the past?
Yes. All Compliance Center views support date range selection. Default is 30 days. Maximum range depends on your plan’s retention period.
Can multiple users access the Compliance Center?
Yes. Any portal user with the Viewer role or higher can access the Compliance Center. The Compliance Officer role provides read-only access across all applications and can export evidence packages without creating or modifying anything.
Next steps
- Alert Rules — configure automated notifications for governance degradation
- Compliance Evidence Export — export session records for regulatory submissions
- Governance Scoring — understand how the governance score is computed