Verifiable AI Compliance Evidence

Audit-ready AI compliance evidence.
Structured.
Verifiable.
Reproducible.

CNAUS helps AI companies produce audit-ready compliance evidence. We structure and verify the underlying proof so audits become reproducible instead of narrative-based.

A verifiable evidence layer for AI compliance — delivered as a structured service, built on an open conformance core.

Request Evidence Sprint View Example Output Explore GitHub ↗
CNAUS Core Status ● Operational
registry-corePUBLIC
conformance-packPUBLIC
validatorAVAILABLE
proof-feedVALID
adoption-packv0.1.1
operator layerLATER
registry-core PUBLIC
conformance-pack PUBLIC
validator AVAILABLE
proof-feed VALID
adoption-pack v0.1.1
operator LATER
Verifiable AI Compliance Evidence
Audit-Ready Evidence Bundles
Reproducible Verification
PASS/FAIL Conformance Logic
Hash-Chain Proof Feed
Evidence Sprint · 7–14 Days
Written-First Delivery
RFC0001–RFC0003
Verifiable AI Compliance Evidence
Audit-Ready Evidence Bundles
Reproducible Verification
PASS/FAIL Conformance Logic
Hash-Chain Proof Feed
Evidence Sprint · 7–14 Days
Written-First Delivery
RFC0001–RFC0003
The Problem

AI compliance evidence is usually not reproducible.

Documentation exists — but it is fragmented, inconsistent between versions, and impossible to verify independently. When audits arrive, teams reconstruct evidence manually. The result is a narrative, not a verifiable check.

CNAUS structures compliance evidence into reproducible, verifiable proof — from intake to a complete evidence bundle any third party can independently validate.

AI system artifacts
Compliance claims
Risk context & controls
Structured evidence files
Machine-readable record
Validation report
Verification steps — reproducible by any third party
Products

Four delivery formats. Concrete outputs.

Product 01

AI Tool Register Quickstart

For teams that use AI tools but have no structured register.

  • AI tool inventory
  • Purpose and owner per tool
  • Data categories
  • Basic risk view
  • Action list
  • Management summary
Request Quickstart →
Product 02

AI Governance Evidence Sprint

For teams that need structured, verifiable AI compliance evidence.

  • AI tool register
  • Evidence checklist
  • Risk/control mapping
  • CNAUS evidence record
  • Conformance-style report
  • Hash manifest + verification steps
  • Management summary
Request Evidence Sprint →
Product 03

Vendor AI Risk Evidence Pack

For companies reviewing AI vendors, or AI providers responding to customer due diligence.

  • Vendor questionnaire
  • Evidence requirements
  • Risk findings
  • Decision memo
  • Structured evidence bundle
  • CNAUS-compatible evidence record
Request Vendor Pack →
Product 04

Monitoring & Maintenance

For teams that need their AI evidence kept current over time.

  • Monthly or quarterly update
  • New AI tool entries
  • Updated risk notes
  • Repeated validation run
Request Monitoring →
What You Get

Every delivery produces concrete artifacts.

A structured Evidence Bundle — a folder of named, hashed, and verifiable files. Below is a fictional demonstration package showing the delivery structure.

Example Evidence Bundle Fictional demonstration
ExampleCo_CNAUS_EvidenceBundle_v1/ ● Conformance: PASS
📁 ExampleCo_CNAUS_EvidenceBundle_v1/
├──01_management-summary.pdfPDF
├──02_ai-tool-register.xlsxXLSX
├──03_risk-control-mapping.pdfPDF
├──04_evidence-checklist.pdfPDF
├──05_cnaus-record.jsonJSON
├──06_conformance-style-report.pdfPDF
├──07_sha256-manifest.txtTXT
└──08_verification-steps.mdMD
View Demo Structure ↗
How It Works

Five steps. Written-first delivery.

01 — Intake

Identify Scope

AI tools, vendors, data categories, owners, existing documentation. Structured intake form.

02 — Structure

Organise Evidence

Evidence is organised into a standard folder and record structure per CNAUS schemas.

03 — Map

Risk & Controls

Evidence is mapped to compliance requirements, vendor-risk, and audit-readiness criteria.

04 — Validate

Conformance Check

Records are checked against CNAUS conformance logic. PASS/FAIL output per RFC0001–RFC0003.

05 — Deliver

Bundle & Report

Management summary, evidence bundle, validation report, and verification steps. 7–14 days.

CNAUS Core

The open technical layer behind the products.

CNAUS Core defines how AI compliance evidence can be structured, versioned, validated, and verified. Public so the evidence logic can be inspected and independently reviewed by anyone.

View GitHub ↗
Registry Core
Base structure for machine-readable evidence records
Public
Conformance Pack
Rules and checks for conformance-style validation
Public
Validator
Reference logic for PASS/FAIL-style output
Available
Proof Feed
Hash-based integrity trail for evidence events
Public
Adoption Pack
Templates, intake forms, and implementation guidance
Public
Operator Layer
Hosted registry and validator services — planned
Later
Use Cases

Who uses CNAUS products.

AI Companies

Produce verifiable compliance evidence for audits, enterprise procurement, and regulatory review — without manual reconstruction every time.

AI Providers

Respond to customer due diligence with structured evidence bundles instead of static PDFs. Make your compliance claims independently verifiable.

Consultants

Use CNAUS as a repeatable delivery format for AI compliance evidence across client engagements.

Compliance & Audit Teams

Review structured, reproducible evidence instead of narrative documentation. Verification steps included in every delivery.

Note: CNAUS does not provide legal certification and does not replace legal advice, ISO certification, or regulatory assessment. CNAUS provides structured evidence, conformance-style validation, and reproducible documentation workflows that can support compliance, vendor-risk, and audit-readiness processes.

Contact

Request an Evidence Sprint or pilot review.

Send a short note with your organisation type, which AI tools or vendors are in scope, and whether you need a tool register, vendor review, or evidence sprint.

We will respond in writing.

Get in Touch
Submitting opens your email client. No data stored on this page.