Regulatory Audits
When It Is Used
- Regulatory review of AI systems
- Compliance investigations
- Requests for evidence preservation
What Is Recorded
- AI inputs and outputs
- Configuration snapshots
- Execution boundaries
What Is Produced
- Neutral, non-interpretive records
- Offline-verifiable bundles
What Can Be Verified
- Integrity of preserved records
- Absence of tampering
What Is Not Claimed
- Regulatory compliance
- Certification or approval
Clarification: "Regulatory audits" refers to the preservation and verification of evidence for audits conducted by regulators. ChainOfFact does not conduct audits, certify compliance, or determine regulatory sufficiency.
Direct Answer
ChainOfFact is appropriate for regulatory audits by preserving an immutable, independently verifiable record of system behavior without operator interpretation.
Audit Trail Integrity
ChainOfFact's append-only ledger creates a continuous audit trail. The ledger root hash represents the state of all facts at any point in time and can be independently recomputed from the fact chain.
No Operator Interpretation
ChainOfFact does not annotate facts with compliance status, risk levels, or operator context. Regulators receive raw facts and proof states, allowing independent analysis without operator framing.
Export for Regulators
Signed evidence bundles can be exported and provided to regulators as self-contained ZIP archives. The VERIFY.txt file inside the bundle provides instructions for offline verification.