Cryptographic proof of who signed what about your AI model
Auditors, customers, and regulators are asking the same question: who attested what about this AI system, and can you prove it wasn't changed? An AI-Governance Evidence Pack answers it with a signed, independently-verifiable artifact — your own AI Bill of Materials, evaluation, execution trace, and signed policy, cross-bound to one model. You sign your legs; TRELYAN cryptographically verifies their signatures and packages them into a pack anyone can re-derive offline.
Not sure where you stand yet? Take the free AI-governance readiness check first — it stays in your browser and shows which signed evidence you're missing.
Your signed inventory of the model + training data (CycloneDX 1.6 ML-BOM), with a Declaration-Assurance grade.
Your signed evaluation, bound to the AIBOM's model, with a posture grade earned from a registry-validated suite.
Your runner-attested, hash-chained provenance log, committing the model + inventory.
Your compliance owner's signed, versioned admission policy — the criteria themselves become verifiable evidence.
MAP ∧ MEASURE ∧ MANAGE ∧ GOVERN cross-bound to ONE model by distinct signers; the admission is re-derived, never asserted.
REPORT.md + VERIFY.md: the buyer re-derives ADMIT/BLOCK offline under the parties' public-key pins with the MIT @trelyan/verify-pqc toolkit.
Sign-in required. Payment settles through a hosted NOWPayments invoice (BTC, ETH, SOL, ALGO + 300 more). You provide your signed governance legs (AIBOM, evaluation, trace, policy); we cryptographically verify their signatures and package them.
Enterprise / portfolio, fiat invoicing & procurement terms, or an annual re-attestation cadence? Contact sales.
A self-verifiable AI-Governance Evidence Pack. It cryptographically proves WHO signed WHAT — your declarant, evaluator, runner, and compliance owner over ONE identified model — and that the packaged artifacts re-derive to a consistent verdict under your parties' public-key pins. It does NOT assert that the model is safe, accurate, unbiased, adequate, or compliant. TRELYAN cryptographically verifies the SIGNATURES on your own governance legs and packages them — TRELYAN does not sign them and does not validate the truth of the claims they contain. This is not a certification, not an audit opinion, not a conformity assessment, and not legal or regulatory advice. It supports NIST AI RMF and EU AI Act preparation only — consult your compliance officer.
Also migrating cryptography? The PQC-migration Evidence Pack proves where your stack stands on post-quantum readiness — the two together are a full-stack evidence posture.