Trust nothing. Re-derive everything.

So every AI output emits a signed receipt — re-derived offline, by anyone, never taken on trust.

veriker.cli.verify · 0.1.0
assurance_mode: offline_stdlib
input_manifest_sha256: 81dfae61b60e…af09
checks: file_integrity PASS
checks: spec_sha_pinning PASS
exit_code: 0
state: OK
✓ Unchanged offline · no account
Regulatory tracker: 60+ AI rules across 30+ jurisdictions, each mapped to the proof it needs.

The floor stays free. The packs stay current.

Each pack extends the free verifier with the evidence one regime needs — and regimes drift, so we keep them current.

Conformance
EU AI Act and ISO 42001 evidence mapped clause by clause, re-issued each quarter as the law drifts.
For · regulated AI teams
Flagship
Editorial
Every published item admitted from a verified source — a signed receipt re-derives the quote against it.
For · media and publishers
In build
Stamp
A signed receipt at the point of decision — each claim stamped to the actor and the evidence behind it.
For · payers and adjudicators
In build

Where we fit.

Governance flags it. Evals score it. Logs record it. Guardrails block it. We re-derive it.

| Category | Re-derives | Checks output | Blocks live | Offline proof | Signed chain |
|---|---|---|---|---|---|
| Governance (OneTrust) | policy | rules | ~AI Guard | hosted | PDF |
| Evals (Galileo) | scores | ~quality | inline | hosted | scores |
| Observability (Datadog) | traces | ~judges | after run | hosted | raw logs |
| Guardrails (NVIDIA NeMo) | rule-checks | ~output rails | rejects | ~self-host | none |
| Content safety (Microsoft Azure) | classifies | policy | blocks | ~container | scores |
| NEXIVERIFY (open + packs) | recomputes | the output | ~fail-closed | no login | Merkle chain |

A signed receipt proves who issued a result. NEXIVERIFY lets anyone recompute it and check it re‑derives — so the producer’s label is never load‑bearing.

Compared against each vendor’s published documentation, May 2026. Positioned on mechanism, not marketing — we don’t claim to be first or only, only different in what gets re‑derived.

Open at the floor. Mandates at the ceiling.

One fixed annual number per band, scoped to your regime. Flat, never metered. The floor is free, forever.

Open substrate
Free, forever
The open verifier — veriker, Apache 2.0 — free and open source. Any receipt, your machine, no account. Run it on your own sample before anything is signed.
Single-control emitter
From $10,000 / yr · by quote
Evidence for one named control — a single logging or marking duty. Entry band.

When an auditor or regulator asks for the record behind one duty, you hand them a receipt they re‑check on their own machine — no call back to us.

Stands up one control, for example
  • One HIPAA 164.312(b) audit control
  • One ISO 42001 record control
  • One SEC books‑and‑records line item

Evidence for a single named control. We never say “compliant.”

Regime records emitter
From $25,000 / yr · by quote
One regime’s full record and logging control set. Mid band.

You can answer a whole regime’s record and logging questions, not just one clause — one emitter standing behind the full control set.

Covers the record set for, for example
  • EU AI Act Article 12 logging
  • MiCA Article 68(9) CASP records
  • DORA Article 10 log continuity
  • MiFID II RTS 24 order records
  • HIPAA 164.312(b) audit controls
  • PCI DSS Requirement 10 log integrity
  • ISO 42001 record controls

Evidence for that regime’s records. Whether every event was captured stays your system’s job.

Mandate-grade emitter
From $50,000 / yr · by quote
For rules that write the mechanism into the rule text itself. Top band.

For the rules where the regulator wrote the mechanism into the law itself, you get evidence built to that exact mechanism — the records most likely to be examined.

Built to the named mechanism for
  • SEC 17a-4(f) record recreation
  • AI Governance Records Bundle (Article 12 plus ISO 42001)
  • GxP and 21 CFR Part 11 audit trail and e‑signature

Evidence for the named mechanism. It is not a conformity certificate.

Regulations change every year. Each license keeps its emitter current — so the evidence stays valid year over year.

Each engagement is scoped to your regime, quoted as one fixed annual number, flat within a band. Year one includes the six‑week stand‑up. Paid in full upfront.

Tell us the regime and the controls in scope — request a quote and we send back one fixed annual number.


Built for the regulated enterprise.

Where an AI output has to stand up to an auditor, a regulator, or your own model-risk team.

A model fires a credit, fraud, or trading decision — and months later your model-risk team has to reconstruct exactly how, on the version that was live.

The exposure
A second-line challenge or an SEC exam lands on a decision you can no longer re-derive to its model SHA and inputs.
We root
A signed receipt binding each decision to the model version, feature inputs, and reference rates — re-run byte for byte on demand.
Stands up to
Evidence for SEC 17a‑4(f) recreation and SR 11‑7 model-risk review. Not a compliance certificate.
Stamp · Conformance

A clinical-AI tool surfaces a recommendation at the point of care — and an IRB, the FDA, or your own safety board asks what data and model stood behind it.

The exposure
An adverse event or audit traces back to an output you can’t tie to its coding reference or validated model version.
We root
Each output anchored to its ICD/coding reference and model SHA, with a tamper-evident receipt re-derived on demand.
Stands up to
Evidence for 21 CFR Part 11 audit trail and HIPAA 164.312(b) controls. We never say “validated.”
Stamp · Conformance

An AI coding agent commits an artifact into the build — and now a customer’s security team wants provenance for every machine-authored thing that shipped.

The exposure
A generated artifact enters the pipeline with no lineage a SLSA or SSDF attestation will accept.
We root
A signed receipt per artifact binding source, model, and build step into one tamper-evident Merkle chain.
Stands up to
Evidence for SLSA provenance and NIST SSDF attestation duties. Not a build certification.
Editorial · Conformance

A model output ships embedded in the product — and a notified body or sector regulator expects it inside the technical file, traceable to its source.

The exposure
An output ships with no record the design history file or technical documentation can stand on.
We root
Conformance evidence per output plus a signed receipt traceable straight into the design history file.
Stands up to
Evidence for ISO/IEC 42001 and your sector’s technical-file duty. Not a conformity mark.
Conformance · Stamp

You ship a frontier model into the world — and downstream deployers, and the GPAI transparency duty, ask you to attest what it was trained on and what it emits.

The exposure
Training provenance and released outputs you can’t attest when a deployer or regulator asks for lineage.
We root
Each training source bound to a verified origin; a cryptographic stamp on every output that leaves the lab.
Stands up to
Evidence for EU AI Act Article 53 GPAI transparency. It documents provenance, not safety.
Editorial · Stamp

Your platform publishes millions of AI-assisted assets — and a rights-holder, a marketplace, or an EU disclosure rule wants provenance for any one of them.

The exposure
An asset goes out with no lineage when a copyright claim or content-disclosure check lands on it.
We root
Every asset bound to a licensed source with a signed, re-derivable receipt — at publish volume.
Stands up to
Evidence for C2PA provenance and EU AI Act Article 50 disclosure. It marks origin, not rights.
Editorial · Stamp

You’re signing off an AI system into public service — and the sign-off rides on a vendor’s word your office has no way to re-check.

The exposure
A ministerial approval resting on supplier attestation, with no independent re-derivation behind it.
We root
A one-page conformance summary, each claim backed by a receipt your office re-runs itself — no vendor in the loop.
Stands up to
Evidence for public-sector AI assurance and procurement due diligence. Independence is the point.
Conformance · Stamp

You sign an assurance opinion — and your name now stands behind an AI-derived conclusion you could not re-perform if a peer reviewer pressed you.

The exposure
An opinion resting on management’s representation, with evidence you can’t independently re-perform.
We root
Each recommendation anchored to evidence the partner re-derives byte for byte and attests in their own name.
Stands up to
Evidence for ISAE 3000-style re-performance and audit-trail standards. We supply evidence, not the opinion.
Stamp · Conformance

Open by floor. Defended at the edges.

Tamper-evident by construction. Re-run any receipt and it re-derives byte for byte, or it shows you exactly where it breaks.

Open at the floor

Apache 2.0 reference verifier. No proprietary base, no walled garden, no lock-in.

The open core is open source under Apache 2.0. A dated independent audit precedes any production claim.

Independently re-derivable

Re-run it yourself: a receipt re-derives byte for byte, or shows where it breaks. No account required.

An independent attestation option is available on every pack.