Skip to main content

Evidence Chain

The evidence chain is ARQERA's cryptographic audit trail. Every governance evaluation, action execution, and approval decision is recorded as an evidence artifact linked to the previous one via SHA-256 hashes. This creates a tamper-proof, append-only log that auditors and compliance frameworks can verify.

Structure

Each evidence artifact contains:

FieldDescription
idUnique artifact identifier
artifact_typeCategory (e.g., governance_eval, action_executed)
payloadFull data of the event
hashSHA-256 hash of this artifact's payload
previous_hashHash of the preceding artifact
created_atISO 8601 timestamp

The chain looks like this:

Genesis → Artifact 1 → Artifact 2 → ... → Artifact N
hash: h1 hash: h2 hash: hN
prev: 0 prev: h1 prev: hN-1

Tamper Detection

If any artifact is modified, its hash changes. Since the next artifact references the original hash via previous_hash, the chain breaks:

Original: A(hash=abc) → B(prev=abc, hash=def) → C(prev=def)
✓ valid

Tampered: A(hash=xyz) → B(prev=abc, hash=def) → C(prev=def)
↑ ↑
modified prev doesn't match A's new hash
✗ chain broken

The Evidence Verify endpoint checks every link in the chain and reports whether it is intact.

Artifact Types

TypeEventWhat's Recorded
governance_evalGovernance evaluationFull verdict, per-law results, action, context, timing
action_executedAra action executedAction ID, status, execution metadata
action_approvedHuman approved an escalationApprover ID, action ID, approval timestamp
action_rejectedHuman rejected an escalationRejector ID, action ID, rejection reason
compliance_checkCompliance framework checkFramework, requirement, pass/fail
trust_updateTrust score changedActor ID, old score, new score, reason

Why This Matters

Compliance

The EU AI Act (Article 12) requires automatic logging of events throughout a high-risk AI system's lifetime. The evidence chain satisfies this requirement with cryptographic integrity guarantees that go beyond simple logging.

Auditability

External auditors can independently verify the evidence chain:

  1. Request an evidence export via the API
  2. Verify each artifact's hash matches its payload
  3. Verify each previous_hash matches the preceding artifact's hash
  4. Confirm no gaps exist in the chain

Trust

The hash chain means that ARQERA cannot modify historical records without detection. This provides a trust guarantee that goes beyond "we promise we logged it" — the math proves it.

Verification

Via API

curl -s "https://api.arqera.io/api/v1/evidence/verify" \
-H "X-API-Key: $ARQERA_API_KEY"
{
"valid": true,
"total_artifacts": 1247,
"verified_count": 1247,
"chain_head_hash": "sha256:a3f7b2c1d4e5f6a7b8c9d0e1f2a3b4c5",
"verified_at": "2026-02-22T10:35:00Z"
}

Via Dashboard

Navigate to Governance > Evidence in the ARQERA dashboard. The chain integrity status is displayed at the top of the page.

Retention

Evidence retention depends on your subscription tier:

TierRetentionStorage
Free30 days1 GB
Team365 days10 GB
Business3 years100 GB
EnterpriseUnlimitedUnlimited

When artifacts age past your retention window, they are removed from the active chain. Export evidence before retention expiry if you need to keep it longer.


Next Steps