Skip to content

Early Access opens July 12 · $99/mo · all suites during the launch window · price locked through Q1 2027 · Join the waitlist →

For Internal & External Auditors · Verifier · 2026

Sign the artifact in 2026. Verify the hash in 2031. Same evidence. Byte-identically.

acipta · Agent-based defensibility platform — workflow-grounded.

You are the verifier in the three-buyer model. The CCO carries the regulatory liability. The CTO ships through the platform. You read the evidence at procurement and re-read it at every annual review. acipta is built so the artifact you sign off on today is byte-identically verifiable in 2031 — with standard cryptographic tools, not a proprietary viewer. The cryptographic primitives outlive the platform itself.

Verify SOC 2, HIPAA, GDPR and EU AI Act evidence with standard cryptographic tools — no proprietary viewer.

The auditor's verdict on most compliance platforms

The most common audit findings against compliance-automation platforms:

acipta was architected against these five failure modes specifically. The five fundamentals (Traceability, Explainability, Authorization, Immutability, Reproducibility) plus the four-primitive cryptographic substrate are the technical answers to the deposition questions auditors actually ask.

The four-primitive cryptographic substrate

Every verdict acipta emits runs through four primitives. The combination is what makes byte-identical 5-year replay achievable:

Ed25519 Signature
Per-verdict cryptographic signature applied at write time. Tenant-isolated keys managed in FIPS-validated key management. Verifiable with libsodium, NaCl, or any standard library. The signature covers the sealed record of verdict and source artifact reference + pipeline state.
RFC 3161 Timestamp
Trusted timestamp via independent third-party trusted timestamp authority on every signature. Cloud-agnostic by design — the timestamp is portable across infrastructure changes over the 5-year retention horizon. Verifiable via an independent timestamp authority's published TSA certificate chain. Independent third-party time anchor.
Determinism Ledger
Pinned model versions and the deterministic state required to reconstruct the verdict — hash-chained to the prior verdict. The state required to reconstruct the verdict deterministically. Without this, replay degrades to "approximately the same answer" — which is not audit-defensible.
Evidence Locker
Per-verdict pack containing source artifact (SHA-256-keyed), pipeline state, cryptographic seal, CMC projection records. 90-day hot tier + 5-year cold tier. Independently replayable with standard tools — no acipta login, no proprietary viewer.

The combination is more than the sum of parts. Pull any one out and the system fails the five fundamentals. This is why audit-defensible compliance is a category, not a feature checklist.

The byte-identical 5-year replay test

This is the test that separates audit-defensible compliance from everything else. Given any verdict_id years later:

  1. Reconstruct pipeline state. Pull the Determinism Ledger entry. Identify the version-pinned execution conditions and deterministic state required to reconstruct the verdict. Verify hash chain back to the prior verdict.
  2. Pull the source artifact. Evidence Locker, SHA-256-keyed. Verify the artifact hash matches the verdict's recorded source reference.
  3. Re-execute the deterministic pipeline against the stored source artifact, using pinned models from the Determinism Ledger.
  4. Compare output hashes. If they match — the verdict is independently verified. If they don't — replay fails explicitly. No silent substitution.

The test runs with standard cryptographic libraries. acipta provides reference implementations for verification but does not require them. A skeptical auditor with openssl, a JSON parser, and the independent third-party trusted timestamp authority certificate chain can verify any verdict independently — no acipta access required.

The deposition question: "Counsel, you have submitted this signed evidence pack for verdict 7a1f23... dated May 15, 2026. Run it through your client's verification tool of choice. Does the hash match?" If yes, the verdict stands. If no, the platform's audit trail is invalidated. The test is binary, third-party-runnable, and platform-independent. That is what audit-defensibility requires.

ALCOA+ native to the substrate

For FDA, EMA, clinical-trials, and pharmaceutical audits, ALCOA+ is the regulatory bar. acipta is built so each ALCOA+ property is satisfied by a specific substrate primitive — not retrofitted via process controls:

ALCOA+ PropertySubstrate primitive that satisfies it
AttributableVerdict signed by specific agent + capability token + tenant Ed25519 key
LegibleStructured, human-readable, parseable with standard tools
ContemporaneousRFC 3161 timestamp at write time via independent TSA (an independent timestamp authority)
OriginalSource artifact SHA-256-keyed in Evidence Locker, immutable
AccurateByte-identical replay test guarantees verdict matches original
CompleteFull pipeline-state snapshot in Determinism Ledger, not just the verdict
ConsistentHash-chained verdict ledger, tamper-evident across the chain
Enduring5-year retention contractually guaranteed; cryptographic primitives outlive the platform
AvailableStandard cryptographic tools; no vendor lock-in on verification

This satisfies 21 CFR Part 11 alignment for FDA-regulated workflows, EMA's electronic record requirements, and the converging direction across HIPAA Security Rule AI guidance, EU AI Act Article 12 record-keeping, and SOX 404 for AI-augmented financial controls. ALCOA+ is the substrate, not a deliverable.

What you (the auditor) walk away with at procurement

The procurement-readiness package acipta delivers to the auditor at the deal:

What this means at annual review

The auditor's review cycle becomes simpler, not more complex:

  1. Pick a sample of verdicts from the prior period — by URL, by framework, by date range, by agent class
  2. Run the byte-identical replay against each. Verify hash match.
  3. Spot-check the hash chain across the ledger. Verify continuity.
  4. Sample-test the framework view projections from the CMC. Verify the view definitions reproduce the same per-Article / per-CFR / per-§ verdicts as last year.
  5. Confirm the Plugin Audit Mode signatures for any new ASP-1.0 adapters integrated since last review. Verify boundary signatures.

Five steps, all automated, all reproducible, all independent of vendor cooperation. If acipta is unavailable at year 5 — vendor bankrupt, acquired, or simply offline — the verification still runs. The cryptographic primitives outlive the platform. That is the architectural commitment that makes acipta audit-defensible rather than audit-attestable.

Frequently asked questions

What is the byte-identical replay test?
Given any verdict_id years later, reconstruct full pipeline state from the Determinism Ledger and re-derive the verdict from the stored record. The output must hash-match the original verdict. If it doesn't — model drift, deprecated dependencies, anything — the replay fails explicitly rather than silently substituting evidence. This is the foundational test that separates audit-defensible compliance from compliance automation.
Can opposing counsel verify the replay independently?
Yes. Ed25519 verifies via libsodium, NaCl, or any standard library; RFC 3161 timestamps verify via an independent timestamp authority's published TSA certificate chain; SHA-256 hashes verify with openssl. The Evidence Locker pack is openly verifiable with documented schema. Opposing counsel does not need an acipta login, an acipta-provided viewer, or any proprietary tool.
How does acipta handle LLM model deprecation across the 5-year window?
The Determinism Ledger records the version-pinned inputs needed to reconstruct the verdict. When an upstream LLM vendor deprecates the model used in a verdict, acipta replays against the pinned model bundle stored in the Evidence Locker — not the live deprecated model. The deterministic backbone executes against the same source artifact. The 5-Year Replay Guarantee holds across LLM deprecation.
How does acipta map to ALCOA+ for FDA / EMA / clinical-trials audits?
ALCOA+ is native to the substrate. Attributable: per-verdict signature + capability token + tenant key. Legible: structured and human-readable. Contemporaneous: RFC 3161 at write time. Original: SHA-256-keyed source artifact. Accurate: byte-identical replay. Complete: full pipeline-state snapshot. Consistent: hash-chained ledger. Enduring: 5-year retention + primitives outlive the platform. Available: standard tools. 21 CFR Part 11 alignment is direct.

Run a sample byte-identical replay. 20 minutes.

Pick a verdict_id. We walk through reconstruction, source-artifact retrieval, re-execution, and hash comparison — using openssl, libsodium, and the independent third-party trusted timestamp authority certificate chain. No acipta-specific tool required. The same demo your enterprise audit team will run at procurement.

Related guides

Go deeper

The cryptographic evidence chain

Per-verdict evidence, signed and replayable, verifiable years later.

Per-Article / per-CFR mapping

Evidence mapped to the exact GDPR Article, HIPAA CFR section, control.

Last reviewed · Reviewed by the acipta compliance & accessibility team.

Was this page helpful?