What is a tamper-evident receipt, and why should I care?

If you ship AI in financial services, healthcare, hiring, credit, insurance, or anything else the EU AI Act calls "high-risk," you are about to owe regulators something specific: a record of every consequential AI decision your system made, signed in a way no one can quietly edit.

Logs don't cut it. Logs are too easy to change. Logs don't prove anything about the decision itself.

What you need is a tamper-evident receipt. This post explains what that is and what's involved in producing one that's actually defensible.

What "tamper-evident" actually means

A tamper-evident record has three properties:

1. It's cryptographically signed. The signature includes a hash of the record's content. If anyone changes a single character, the signature no longer verifies.
2. It's timestamped against an authority you don't control. A signed record with a self-claimed timestamp is worth less than one whose timestamp can be independently checked.
3. The signing key is auditable. Someone other than you can verify which key signed it and confirm the key was in your custody at the claimed time.

That's it. Three properties. They're not new. They're how every certificate authority on the web works, how every code-signing pipeline works, how every banking transaction settles.

What's new is applying them to AI decisions.

What's in a Prova receipt

When Prova catches a coordination loop -- or more broadly, when Prova produces a verdict on any AI system event -- it emits a receipt with this shape:

• Receipt ID -- a unique, prefixed identifier like RCP-9F4A2E71D03B
• Event hash -- SHA-256 of the event Prova analyzed
• Verdict -- valid / caught-a-loop / contradicted / unsupported-leap
• Findings -- the specific agents involved, the step the issue formed, the state keys driving it
• Timestamp -- ISO 8601 against UTC, anchored to NTP
• Signature -- Ed25519 signature over all of the above, using a key whose public half is published
• Verifier version -- which version of Prova produced the verdict

Any third party can verify a receipt: take the content, recompute the hash, check the signature against our published public key. No call to Prova required.

Why this matters

EU AI Act Article 12 (the logging obligation) requires high-risk AI providers to keep "automatically generated logs" sufficient to trace AI system events back to their origin. That's the floor. It's a low floor.

The ceiling is what regulators will actually want when they investigate an incident. They will want evidence that the AI didn't quietly go wrong six months ago and that the logs you're showing them are the same logs that existed at the time. That requires receipts, not just logs.

Specifically: an auditor at the FDA, the SEC, or an EU regulator will eventually ask you variants of these questions:

• "Show me the decision your AI made on customer X at time T."
• "Prove that this record hasn't been altered since."
• "Prove the version of the AI that made the decision matches the version you certified."

Logs answer the first question. They cannot answer the second or third. A receipt can.

Is this overkill?

For a side project: yes.

For shipping AI in a regulated industry: no. The cost of not having receipts is one bad-faith incident away from being existential. Class-action lawyers and regulators are going to ask for them. The cost of producing them is one library import.

We are not the only people doing this. Industry-wide, "model cards" and "AI bills of materials" are moving in this direction. What's new in Prova is doing this at the event level, not just at the model-version level. Every individual AI decision your system makes can carry its own receipt.

Try it

The live demo at /demo shows the full flow -- a coordination loop, a verdict, and a receipt -- in about twelve seconds. The receipt at the end is real: you can take its hash and verify the signature on our public key.

If you're navigating EU AI Act compliance for a high-risk system, book a call. We've spent a lot of time with the obligations and can help you figure out what an auditor will actually ask for.