EU AI ACT · ANNEX III 5(b)

Point-in-time Evidence Packs for high-risk credit AI

Verifacta reconstructs time-bounded operational truth from immutable events, so you can export evidence that is source-linked, reproducible, and ready for audit review.

Request pilot conversation See Evidence Pack structure

Early stage: currently onboarding design partners for pilot implementations.

Why this is useful before your first audit

Built to match how audits are run: scoped to a date range, tied to source records, and reproducible without relying on screenshots or memory.

Reality in most teams

Evidence is scattered across model registries, dataset stores, CI/CD, approvals, and documents — owned by different people, with inconsistent linkages.

What breaks in audits

You cannot reliably answer: “Which model was deployed on date X, with which data, approvals, and environment configuration?” without manual reconstruction.

Verifacta's stance

Don't centralize governance “documents”. Centralize the facts (events), then compile the truth at query time.

Entry question: If supervisory review occurred tomorrow, could you evidence what was in production three months ago — without manual reconstruction?

How it works

Verifacta is not a governance platform. It's a compliance system of record for operational evidence: ingest immutable events, reconstruct past truth, export evidence.

1

Ingest facts (append-only)

Material governance actions are recorded as events: model version registered, dataset snapshot linked, approval recorded, deployment activated/deactivated.

2

Compile a snapshot (“as of”)

At a selected timestamp, Verifacta deterministically reconstructs the active system state per environment and builds a traceability graph.

3

Export Evidence Pack

Generate a regulator-readable pack (PDF + JSON): state, linkages, gaps, and an integrity hash so the same query reproduces the same result.

What you get

An Evidence Pack (PDF + JSON) with integrity hash, event lineage, and per-control coverage marked as present, partial, or missing.

Evidence Pack — Snapshot

As of: 2026-02-21T10:00:00Z • Scope: AI-SYS-CREDIT-01
Evidence Partially Complete
Environment
Active model version
Evidence status
Production
MODEL-RISK-7 • v1.8.2
partial
Staging
MODEL-RISK-7 • v1.8.3-rc1
present
Integrity hash
0x7f2a…c91d
sealed

Included sections

System ID • Scope • Deployments • Approvals • Dataset lineage • Event references • Integrity

Gaps report

Visible export: present / partial / missing evidence per obligation category. Critical gaps require human attestation.

What Verifacta does not do

  • No monitoring / runtime integration
  • No “governance dashboards”
  • No legal conclusions or compliance claims
  • No blocking exports in v1

One-time integration model

Machine-to-machine ingestion of governance events. Your systems remain the source of artifacts; Verifacta becomes the source of provable history.

Why this is useful before your first audit

Built to match how audits are run: time-bounded, source-linked, reproducible evidence.

Is Verifacta already deployed at customer sites?

Not yet. We are currently onboarding design partners for pilot implementations focused on one system and one environment.

Does Verifacta provide legal or compliance verdicts?

No. Verifacta provides evidence reconstruction and packaging. Compliance interpretation remains with your risk, compliance, and legal functions.

Looking for design partners

If you are preparing high-risk credit AI controls, we can run a scoped pilot and produce one Evidence Pack from your operational events.

Start a pilot discussion