TRUST · AUDIT · REPLAY

Evidence, by design.

Every screen, every methodology, every signature, every override — cryptographically signed and time-stamped. The same view your internal auditor will use, and the same view a competent authority would request in any ex-post review.

REPLAY DETERMINISM

Reproducible verdicts

Every historical verdict is reproducible from its inputs. The replay endpoint takes a verdict ID and reconstructs the entire computation: which methodology version, which input figures (cited to the iXBRL fact ID), which rules evaluated, which thresholds applied. Bit-for-bit identical to the original verdict.

HASH-CHAINED LOG

Tamper-evident audit trail

The audit log is append-only and hash-chained. Every entry references the hash of the previous entry; any tampering with a historical entry invalidates the chain from that point forward. Optional anchoring to a public chain for the highest-defensibility deployments.

METHODOLOGY SIGNING

Cryptographically attested

Each methodology version is a signed YAML document. SSB approval is a cryptographic signature bound to the document hash, exposed in the audit log. The SSB retains governance authority without becoming an operational bottleneck. Rollback in one operation across all tenant portfolios.

Evidence packs — one-click regulator export

An evidence pack is a signed PDF + JSON bundle covering a specific verdict or a portfolio-level period. It contains: the methodology version document, the SSB signature, the input figures with citations, the rule-level evaluation breakdown, the verdict, the human-review trail (if any), and the audit-log excerpt covering the relevant entries. Generated in one operation and delivered to the tenant or directly to a competent authority on request.

Confidence floors and human review

Each verdict carries a composite confidence score and per-input confidence scores. Verdicts below the tenant’s configured floor are routed to the human-review queue before issuance — not after. Reviewer identity, override reason, and timestamp are recorded as part of the audit log. No silent low-confidence approvals.

Compliance roadmap

  • M3 — DPIA finalised; AI Act conformity preparation statement v0; signed AAOIFI methodology baseline.
  • M6 — AAOIFI-aligned advisory letter; AI Act Annex IV technical documentation v1.
  • M12 — Target SOC 2 Type I attestation (subject to external auditor); DORA pack production-grade.
  • M18 — Target SOC 2 Type II attestation; AI Act post-market monitoring live; sovereign-tier alpha.
  • M24 — Target ISO 27001 certification; sovereign-tier general availability; €2.5M ARR run-rate.

NEXT STEP

A 45-minute briefing. For decision-makers only.

With the compliance engineer and Sharia analyst who built HalalRegTech AI. For institutional banks, Sharia boards, regulators, and Sharia advisory partners.

Book a briefing Read the methodologies